<!DOCTYPE html><html class=split lang=en-US-x-hixie><script src=../link-fixup.js defer=""></script>
<!-- Mirrored from html.spec.whatwg.org/multipage/browsers.html by HTTrack Website Copier/3.x [XR&CO'2014], Wed, 10 Sep 2025 08:35:52 GMT -->
<!-- Added by HTTrack --><meta http-equiv="content-type" content="text/html;charset=utf-8" /><!-- /Added by HTTrack -->
<meta charset=utf-8><meta content="width=device-width, initial-scale=1, shrink-to-fit=no" name=viewport><title>HTML Standard</title><meta content=#3c790a name=theme-color><meta content="light dark" name=color-scheme><link rel=stylesheet href=../../resources.whatwg.org/standard-shared-with-dev.css crossorigin=""><link rel=stylesheet href=../../resources.whatwg.org/standard.css crossorigin=""><link rel=stylesheet href=../../resources.whatwg.org/spec.css crossorigin=""><link rel=icon href=https://resources.whatwg.org/logo.svg crossorigin=""><link rel=stylesheet href=../styles.css crossorigin=""><script>
   function toggleStatus(div) {
     div.parentNode.classList.toggle('wrapped');
   }
   function setLinkFragment(link) {
     link.hash = location.hash;
   }
  </script><body>
  
  <script defer="" crossorigin="" src=../html-dfn.js></script>
  
  <header id=head class="head with-buttons">
   <a href=https://whatwg.org/ class=logo><img width=100 alt=WHATWG crossorigin="" class=darkmode-aware src=https://resources.whatwg.org/logo.svg height=100></a>
   <hgroup><h1 class=allcaps>HTML</h1><p id=living-standard>Living Standard — Last Updated <span class=pubdate>10 September 2025</span></hgroup>
   
   

   
  </header>

  

  

  

  
  

  
  

  

  <nav><a href=popover.html>← 6.12 The popover attribute</a> — <a href=index.html>Table of Contents</a> — <a href=nav-history-apis.html>7.2 APIs related to navigation and
  session history →</a></nav><ol class=toc><li id=toc-browsers><a href=browsers.html#browsers><span class=secno>7</span> Loading web pages</a><ol><li><a href=browsers.html#loading-web-pages-supporting-concepts><span class=secno>7.1</span> Supporting concepts</a><ol><li><a href=browsers.html#origin><span class=secno>7.1.1</span> Origins</a><ol><li><a href=browsers.html#sites><span class=secno>7.1.1.1</span> Sites</a><li><a href=browsers.html#relaxing-the-same-origin-restriction><span class=secno>7.1.1.2</span> Relaxing the same-origin restriction</a></ol><li><a href=browsers.html#origin-keyed-agent-clusters><span class=secno>7.1.2</span> Origin-keyed agent clusters</a><li><a href=browsers.html#cross-origin-opener-policies><span class=secno>7.1.3</span> Cross-origin opener policies</a><ol><li><a href=browsers.html#the-coop-headers><span class=secno>7.1.3.1</span> The headers</a><li><a href=browsers.html#browsing-context-group-switches-due-to-cross-origin-opener-policy><span class=secno>7.1.3.2</span> Browsing context group
  switches due to opener policy</a><li><a href=browsers.html#coop-reporting><span class=secno>7.1.3.3</span> Reporting</a></ol><li><a href=browsers.html#coep><span class=secno>7.1.4</span> Cross-origin embedder policies</a><ol><li><a href=browsers.html#the-coep-headers><span class=secno>7.1.4.1</span> The headers</a><li><a href=browsers.html#embedder-policy-checks><span class=secno>7.1.4.2</span> Embedder policy checks</a></ol><li><a href=browsers.html#sandboxing><span class=secno>7.1.5</span> Sandboxing</a><li><a href=browsers.html#policy-containers><span class=secno>7.1.6</span> Policy containers</a></ol></ol></ol><h2 id=browsers><span class=secno>7</span> Loading web pages<a href=#browsers class=self-link></a></h2>

  

  <p>This section describes features that apply most directly to web browsers. Having said that,
  except where specified otherwise, the requirements defined in this section <em>do</em> apply to
  all user agents, whether they are web browsers or not.</p>

  

  <h3 id=loading-web-pages-supporting-concepts><span class=secno>7.1</span> Supporting concepts<a href=#loading-web-pages-supporting-concepts class=self-link></a></h3>

  <h4 id=origin><span class=secno>7.1.1</span> Origins<a href=#origin class=self-link></a></h4>
  

  <p>Origins are the fundamental currency of the web's security model. Two actors in the web
  platform that share an origin are assumed to trust each other and to have the same authority.
  Actors with differing origins are considered potentially hostile versus each other, and are
  isolated from each other to varying degrees.</p>

  <p class=example>For example, if Example Bank's web site, hosted at <code>bank.example.com</code>, tries to examine the DOM of Example Charity's web site, hosted
  at <code>charity.example.org</code>, a <a id=origin:securityerror href=https://webidl.spec.whatwg.org/#securityerror data-x-internal=securityerror>"<code>SecurityError</code>"</a>
  <code id=origin:domexception><a data-x-internal=domexception href=https://webidl.spec.whatwg.org/#dfn-DOMException>DOMException</a></code> will be raised.</p>

  <hr>

  <p id=origin-2>An <dfn id=concept-origin data-export="">origin</dfn> is one of the following:</p>

  <dl><dt>An <dfn id=concept-origin-opaque data-export="">opaque origin</dfn><dd><p>An internal value, with no serialization it can be recreated from (it is serialized as
   "<code>null</code>" per <a href=#ascii-serialisation-of-an-origin id=origin:ascii-serialisation-of-an-origin>serialization of an origin</a>), for which the only
   meaningful operation is testing for equality.<dt>A <dfn id=concept-origin-tuple data-export="">tuple origin</dfn><dd>
    <p>A <a id=origin:tuple href=https://infra.spec.whatwg.org/#tuple data-x-internal=tuple>tuple</a> consisting of:

    <ul class=brief><li>A <dfn data-dfn-for=origin id=concept-origin-scheme data-export="">scheme</dfn> (an <a id=origin:ascii-string href=https://infra.spec.whatwg.org/#ascii-string data-x-internal=ascii-string>ASCII
     string</a>).<li>A <dfn data-dfn-for=origin id=concept-origin-host data-export="">host</dfn> (a <a href=https://url.spec.whatwg.org/#concept-host id=origin:concept-host data-x-internal=concept-host>host</a>).<li>A <dfn data-dfn-for=origin id=concept-origin-port data-export="">port</dfn> (null or a 16-bit
     unsigned integer).<li>A <dfn data-dfn-for=origin id=concept-origin-domain data-export="">domain</dfn> (null or a <a href=https://url.spec.whatwg.org/#concept-domain id=origin:concept-domain data-x-internal=concept-domain>domain</a>). Null unless stated otherwise.</ul>
   </dl>

  <p class=note><a href=#concept-origin id=origin:concept-origin>Origins</a> can be shared, e.g., among multiple
  <code id=origin:document><a href=dom.html#document>Document</a></code> objects. Furthermore, <a href=#concept-origin id=origin:concept-origin-2>origins</a> are generally
  immutable. Only the <a href=#concept-origin-domain id=origin:concept-origin-domain>domain</a> of a <a href=#concept-origin-tuple id=origin:concept-origin-tuple>tuple origin</a> can be changed, and only through the <code id=origin:dom-document-domain><a href=#dom-document-domain>document.domain</a></code> API.</p>

  

  <p>The <dfn id=concept-origin-effective-domain data-export="">effective domain</dfn> of an
  <a href=#concept-origin id=origin:concept-origin-3>origin</a> <var>origin</var> is computed as follows:</p>

  <ol><li><p>If <var>origin</var> is an <a href=#concept-origin-opaque id=origin:concept-origin-opaque>opaque origin</a>,
   then return null.<li><p>If <var>origin</var>'s <a href=#concept-origin-domain id=origin:concept-origin-domain-2>domain</a> is non-null,
   then return <var>origin</var>'s <a href=#concept-origin-domain id=origin:concept-origin-domain-3>domain</a>.<li><p>Return <var>origin</var>'s <a href=#concept-origin-host id=origin:concept-origin-host>host</a>.</ol>

  <p>The <dfn id=ascii-serialisation-of-an-origin data-lt="serialization of an
  origin|ASCII serialization of an origin" data-export="">serialization of an origin</dfn> is the string obtained
  by applying the following algorithm to the given <a href=#concept-origin id=origin:concept-origin-4>origin</a> <var>origin</var>:</p>

  <ol><li><p>If <var>origin</var> is an <a href=#concept-origin-opaque id=origin:concept-origin-opaque-2>opaque origin</a>,
   then return "<code>null</code>".<li><p>Otherwise, let <var>result</var> be <var>origin</var>'s <a href=#concept-origin-scheme id=origin:concept-origin-scheme>scheme</a>.<li><p>Append "<code>://</code>" to <var>result</var>.<li><p>Append <var>origin</var>'s <a href=#concept-origin-host id=origin:concept-origin-host-2>host</a>, <a href=https://url.spec.whatwg.org/#concept-host-serializer id=origin:host-serializer data-x-internal=host-serializer>serialized</a>, to <var>result</var>.<li><p>If <var>origin</var>'s <a href=#concept-origin-port id=origin:concept-origin-port>port</a> is non-null, append
   a U+003A COLON character (:), and <var>origin</var>'s <a href=#concept-origin-port id=origin:concept-origin-port-2>port</a>, <a href=https://url.spec.whatwg.org/#serialize-an-integer id=origin:serialize-an-integer data-x-internal=serialize-an-integer>serialized</a>,
   to <var>result</var>.<li><p>Return <var>result</var>.</ol>

  

  <p class=example>The <a href=#ascii-serialisation-of-an-origin id=origin:ascii-serialisation-of-an-origin-2>serialization</a> of ("<code>https</code>", "<code>xn--maraa-rta.example</code>", null, null) is "<code>https://xn--maraa-rta.example</code>".</p>

  

  <p id=unicode-serialisation-of-an-origin class=note><a href=#unicode-serialisation-of-an-origin class=self-link></a>There used to also be a
  <i>Unicode serialization of an origin</i>. However, it was never widely adopted.</p>

  <hr>

  <p>Two <a href=#concept-origin id=origin:concept-origin-5>origins</a>, <var>A</var> and <var>B</var>, are said to be <dfn id=same-origin data-export="">same origin</dfn> if the following algorithm returns true:</p>

  <ol><li><p>If <var>A</var> and <var>B</var> are the same <a href=#concept-origin-opaque id=origin:concept-origin-opaque-3>opaque
   origin</a>, then return true.<li><p>If <var>A</var> and <var>B</var> are both <a href=#concept-origin-tuple id=origin:concept-origin-tuple-2>tuple
   origins</a> and their <a href=#concept-origin-scheme id=origin:concept-origin-scheme-2>schemes</a>, <a href=#concept-origin-host id=origin:concept-origin-host-3>hosts</a>, and <a href=#concept-origin-port id=origin:concept-origin-port-3>port</a>
   are identical, then return true.<li><p>Return false.</ol>

  <p>Two <a href=#concept-origin id=origin:concept-origin-6>origins</a>, <var>A</var> and <var>B</var>, are said to be <dfn id=same-origin-domain data-export="">same origin-domain</dfn> if the following algorithm returns true:</p>

  <ol><li><p>If <var>A</var> and <var>B</var> are the same <a href=#concept-origin-opaque id=origin:concept-origin-opaque-4>opaque
   origin</a>, then return true.<li>
    <p>If <var>A</var> and <var>B</var> are both <a href=#concept-origin-tuple id=origin:concept-origin-tuple-3>tuple
    origins</a>:</p>

    <ol><li><p>If <var>A</var> and <var>B</var>'s <a href=#concept-origin-scheme id=origin:concept-origin-scheme-3>schemes</a>
     are identical, and their <a href=#concept-origin-domain id=origin:concept-origin-domain-4>domains</a> are identical and
     non-null, then return true.<li><p>Otherwise, if <var>A</var> and <var>B</var> are <a href=#same-origin id=origin:same-origin>same origin</a> and their
     <a href=#concept-origin-domain id=origin:concept-origin-domain-5>domains</a> are both null, return true.</ol>

   <li><p>Return false.</ol>

  

  <div class=example>
   

   <table><tr><th><var>A</var>
     <th><var>B</var>
     <th><a href=#same-origin id=origin:same-origin-2>same origin</a>
     <th><a href=#same-origin-domain id=origin:same-origin-domain>same origin-domain</a>
    <tr><td>("<code>https</code>", "<code>example.org</code>", null, null)
     <td>("<code>https</code>", "<code>example.org</code>", null, null)
     <td>✅
     <td>✅
    <tr><td>("<code>https</code>", "<code>example.org</code>", 314, null)
     <td>("<code>https</code>", "<code>example.org</code>", 420, null)
     <td>❌
     <td>❌
    <tr><td>("<code>https</code>", "<code>example.org</code>", 314, "<code>example.org</code>")
     <td>("<code>https</code>", "<code>example.org</code>", 420, "<code>example.org</code>")
     <td>❌
     <td>✅
    <tr><td>("<code>https</code>", "<code>example.org</code>", null, null)
     <td>("<code>https</code>", "<code>example.org</code>", null, "<code>example.org</code>")
     <td>✅
     <td>❌
    <tr><td>("<code>https</code>", "<code>example.org</code>", null, "<code>example.org</code>")
     <td>("<code>http</code>", "<code>example.org</code>", null, "<code>example.org</code>")
     <td>❌
     <td>❌
   </table>
  </div>


  <h5 id=sites><span class=secno>7.1.1.1</span> Sites<a href=#sites class=self-link></a></h5>

  <p>A <dfn id=scheme-and-host>scheme-and-host</dfn> is a <a id=sites:tuple href=https://infra.spec.whatwg.org/#tuple data-x-internal=tuple>tuple</a> of a <dfn id=concept-scheme-and-host-scheme>scheme</dfn> (an <a id=sites:ascii-string href=https://infra.spec.whatwg.org/#ascii-string data-x-internal=ascii-string>ASCII string</a>) and a <dfn id=concept-scheme-and-host-host>host</dfn> (a <a href=https://url.spec.whatwg.org/#concept-host id=sites:concept-host data-x-internal=concept-host>host</a>).</p>

  <p>A <dfn id=site data-export="">site</dfn> is an <a href=#concept-origin-opaque id=sites:concept-origin-opaque>opaque origin</a> or a
  <a href=#scheme-and-host id=sites:scheme-and-host>scheme-and-host</a>.</p>

  

  <p>To <dfn id=obtain-a-site data-export="">obtain a site</dfn>, given an origin <var>origin</var>, run these steps:</p>

  <ol><li><p>If <var>origin</var> is an <a href=#concept-origin-opaque id=sites:concept-origin-opaque-2>opaque origin</a>,
   then return <var>origin</var>.<li><p>If <var>origin</var>'s <a href=#concept-origin-host id=sites:concept-origin-host>host</a>'s <a id=sites:registrable-domain href=https://url.spec.whatwg.org/#host-registrable-domain data-x-internal=registrable-domain>registrable
   domain</a> is null, then return (<var>origin</var>'s <a href=#concept-origin-scheme id=sites:concept-origin-scheme>scheme</a>, <var>origin</var>'s <a href=#concept-origin-host id=sites:concept-origin-host-2>host</a>).<li><p>Return (<var>origin</var>'s <a href=#concept-origin-scheme id=sites:concept-origin-scheme-2>scheme</a>,
   <var>origin</var>'s <a href=#concept-origin-host id=sites:concept-origin-host-3>host</a>'s <a id=sites:registrable-domain-2 href=https://url.spec.whatwg.org/#host-registrable-domain data-x-internal=registrable-domain>registrable
   domain</a>).</ol>

  <p>Two <a href=#site id=sites:site>sites</a>, <var>A</var> and <var>B</var>, are said to be <dfn data-dfn-for=site id=concept-site-same-site data-export="">same site</dfn> if the following algorithm
  returns true:</p>

  <ol><li><p>If <var>A</var> and <var>B</var> are the same <a href=#concept-origin-opaque id=sites:concept-origin-opaque-3>opaque
   origin</a>, then return true.<li><p>If <var>A</var> or <var>B</var> is an <a href=#concept-origin-opaque id=sites:concept-origin-opaque-4>opaque
   origin</a>, then return false.<li><p>If <var>A</var>'s and <var>B</var>'s <a href=#concept-scheme-and-host-scheme id=sites:concept-scheme-and-host-scheme>scheme</a> values are different, then return
   false.<li><p>If <var>A</var>'s and <var>B</var>'s <a href=#concept-scheme-and-host-host id=sites:concept-scheme-and-host-host>host</a> values are not <a href=https://url.spec.whatwg.org/#concept-host-equals id=sites:host-equals data-x-internal=host-equals>equal</a>, then return false.<li><p>Return true.</ol>

  <p>The <dfn id=serialization-of-a-site data-export="">serialization of a site</dfn> is the string obtained by applying the following
  algorithm to the given <a href=#site id=sites:site-2>site</a> <var>site</var>:</p>

  <ol><li><p>If <var>site</var> is an <a href=#concept-origin-opaque id=sites:concept-origin-opaque-5>opaque origin</a>, then
   return "<code>null</code>".<li><p>Let <var>result</var> be <var>site</var>[0].<li><p>Append "<code>://</code>" to <var>result</var>.<li><p>Append <var>site</var>[1], <a href=https://url.spec.whatwg.org/#concept-host-serializer id=sites:host-serializer data-x-internal=host-serializer>serialized</a>, to
   <var>result</var>.<li><p>Return <var>result</var>.</ol>

  <p class=warning>It needs to be clear from context that the serialized value is a site, not an
  origin, as there is not necessarily a syntactic difference between the two. For example, the
  origin ("<code>https</code>", "<code>shop.example</code>", null, null) and
  the site ("<code>https</code>", "<code>shop.example</code>") have the same
  serialization: "<code>https://shop.example</code>".</p>

  <p>Two <a href=#concept-origin id=sites:concept-origin>origins</a>, <var>A</var> and <var>B</var>, are said to be <dfn id=schemelessly-same-site data-export="">schemelessly same site</dfn> if the following algorithm returns true:</p>

  <ol><li><p>If <var>A</var> and <var>B</var> are the same <a href=#concept-origin-opaque id=sites:concept-origin-opaque-6>opaque
   origin</a>, then return true.<li>
    <p>If <var>A</var> and <var>B</var> are both <a href=#concept-origin-tuple id=sites:concept-origin-tuple>tuple
    origins</a>, then:</p>

    <ol><li><p>Let <var>hostA</var> be <var>A</var>'s <a href=#concept-origin-host id=sites:concept-origin-host-4>host</a>,
     and let <var>hostB</var> be <var>B</var>'s <a href=#concept-origin-host id=sites:concept-origin-host-5>host</a>.<li><p>If <var>hostA</var> <a href=https://url.spec.whatwg.org/#concept-host-equals id=sites:host-equals-2 data-x-internal=host-equals>equals</a> <var>hostB</var> and
     <var>hostA</var>'s <a id=sites:registrable-domain-3 href=https://url.spec.whatwg.org/#host-registrable-domain data-x-internal=registrable-domain>registrable domain</a> is null, then return true.<li><p>If <var>hostA</var>'s <a id=sites:registrable-domain-4 href=https://url.spec.whatwg.org/#host-registrable-domain data-x-internal=registrable-domain>registrable domain</a> <a href=https://url.spec.whatwg.org/#concept-host-equals id=sites:host-equals-3 data-x-internal=host-equals>equals</a> <var>hostB</var>'s <a id=sites:registrable-domain-5 href=https://url.spec.whatwg.org/#host-registrable-domain data-x-internal=registrable-domain>registrable domain</a> and is non-null, then
     return true.</ol>
   <li><p>Return false.</ol>

  <p>Two <a href=#concept-origin id=sites:concept-origin-2>origins</a>, <var>A</var> and <var>B</var>, are said to be <dfn id=same-site data-export="">same site</dfn> if the following algorithm returns true:</p>

  <ol><li><p>Let <var>siteA</var> be the result of <a href=#obtain-a-site id=sites:obtain-a-site>obtaining a
   site</a> given <var>A</var>.<li><p>Let <var>siteB</var> be the result of <a href=#obtain-a-site id=sites:obtain-a-site-2>obtaining a
   site</a> given <var>B</var>.<li><p>If <var>siteA</var> is <a href=#concept-site-same-site id=sites:concept-site-same-site>same site</a> with
   <var>siteB</var>, then return true.<li><p>Return false.</ol>

  

  <p class=note>Unlike the <a href=#same-origin id=sites:same-origin>same origin</a> and <a href=#same-origin-domain id=sites:same-origin-domain>same origin-domain</a> concepts,
  for <a href=#schemelessly-same-site id=sites:schemelessly-same-site>schemelessly same site</a> and <a href=#same-site id=sites:same-site>same site</a>, the <a href=#concept-origin-port id=sites:concept-origin-port>port</a> and <a href=#concept-origin-domain id=sites:concept-origin-domain>domain</a>
  components are ignored.</p>

  <p class=warning>For the reasons <a href=https://url.spec.whatwg.org/#warning-avoid-psl>explained in <cite>URL</cite></a>, the
  <a href=#same-site id=sites:same-site-2>same site</a> and <a href=#schemelessly-same-site id=sites:schemelessly-same-site-2>schemelessly same site</a> concepts should be avoided when
  possible, in favor of <a href=#same-origin id=sites:same-origin-2>same origin</a> checks.</p>

  <div id=example-same-site class=example><a href=#example-same-site class=self-link></a>
   

  <p>Given that <code>wildlife.museum</code>, <code>museum</code>, and <code>com</code> are <a href=https://url.spec.whatwg.org/#host-public-suffix id=sites:public-suffix data-x-internal=public-suffix>public suffixes</a> and that <code>example.com</code> is not:</p>

   <table><tr><th><var>A</var>
     <th><var>B</var>
     <th><a href=#schemelessly-same-site id=sites:schemelessly-same-site-3>schemelessly same site</a>
     <th><a href=#same-site id=sites:same-site-3>same site</a>
    <tr><td>("<code>https</code>", "<code>example.com</code>")
     <td>("<code>https</code>", "<code>sub.example.com</code>")
     <td>✅
     <td>✅
    <tr><td>("<code>https</code>", "<code>example.com</code>")
     <td>("<code>https</code>", "<code>sub.other.example.com</code>")
     <td>✅
     <td>✅
    <tr><td>("<code>https</code>", "<code>example.com</code>")
     <td>("<code>http</code>", "<code>non-secure.example.com</code>")
     <td>✅
     <td>❌
    <tr><td>("<code>https</code>", "<code>r.wildlife.museum</code>")
     <td>("<code>https</code>", "<code>sub.r.wildlife.museum</code>")
     <td>✅
     <td>✅
    <tr><td>("<code>https</code>", "<code>r.wildlife.museum</code>")
     <td>("<code>https</code>", "<code>sub.other.r.wildlife.museum</code>")
     <td>✅
     <td>✅
    <tr><td>("<code>https</code>", "<code>r.wildlife.museum</code>")
     <td>("<code>https</code>", "<code>other.wildlife.museum</code>")
     <td>❌
     <td>❌
    <tr><td>("<code>https</code>", "<code>r.wildlife.museum</code>")
     <td>("<code>https</code>", "<code>wildlife.museum</code>")
     <td>❌
     <td>❌
    <tr><td>("<code>https</code>", "<code>wildlife.museum</code>")
     <td>("<code>https</code>", "<code>wildlife.museum</code>")
     <td>✅
     <td>✅
    <tr><td>("<code>https</code>", "<code>example.com</code>")
     <td>("<code>https</code>", "<code>example.com.</code>")
     <td>❌
     <td>❌
   </table>

   <p>(Here we have omitted the <a href=#concept-origin-port id=sites:concept-origin-port-2>port</a> and <a href=#concept-origin-domain id=sites:concept-origin-domain-2>domain</a> components since they are not considered.)</p>
  </div>


  <h5 id=relaxing-the-same-origin-restriction><span class=secno>7.1.1.2</span> Relaxing the same-origin restriction<a href=#relaxing-the-same-origin-restriction class=self-link></a></h5>

  <dl class=domintro><dt><code><var>document</var>.<a href=#dom-document-domain id=dom-document-domain-dev>domain</a> [ = <var>domain</var> ]</code><dd>
    <p>Returns the current domain used for security checks.</p>

    <p>Can be set to a value that removes subdomains, to change the <a href=#concept-origin id=relaxing-the-same-origin-restriction:concept-origin>origin</a>'s <a href=#concept-origin-domain id=relaxing-the-same-origin-restriction:concept-origin-domain>domain</a> to allow pages on other subdomains of the same
    domain (if they do the same thing) to access each other. This enables pages on different hosts
    of a domain to synchronously access each other's DOMs.</p>

    <p>In sandboxed <code id=relaxing-the-same-origin-restriction:the-iframe-element><a href=iframe-embed-object.html#the-iframe-element>iframe</a></code>s, <code id=relaxing-the-same-origin-restriction:document><a href=dom.html#document>Document</a></code>s with <a href=#concept-origin-opaque id=relaxing-the-same-origin-restriction:concept-origin-opaque>opaque origins</a>, and <code id=relaxing-the-same-origin-restriction:document-2><a href=dom.html#document>Document</a></code>s without a <a href=document-sequences.html#concept-document-bc id=relaxing-the-same-origin-restriction:concept-document-bc>browsing context</a>, the setter will
    throw a <a id=relaxing-the-same-origin-restriction:securityerror href=https://webidl.spec.whatwg.org/#securityerror data-x-internal=securityerror>"<code>SecurityError</code>"</a> exception. In cases where <code id=relaxing-the-same-origin-restriction:dom-crossoriginisolated><a href=webappapis.html#dom-crossoriginisolated>crossOriginIsolated</a></code> or <code id=relaxing-the-same-origin-restriction:dom-originagentcluster><a href=#dom-originagentcluster>originAgentCluster</a></code> return true, the setter will do
    nothing.</p>
   </dl>

  <div class=critical>
   <p>Avoid using the <code id=relaxing-the-same-origin-restriction:dom-document-domain><a href=#dom-document-domain>document.domain</a></code> setter. It
   undermines the security protections provided by the same-origin policy. This is especially acute
   when using shared hosting; for example, if an untrusted third party is able to host an HTTP
   server at the same IP address but on a different port, then the same-origin protection that
   normally protects two different sites on the same host will fail, as the ports are ignored when
   comparing origins after the <code id=relaxing-the-same-origin-restriction:dom-document-domain-2><a href=#dom-document-domain>document.domain</a></code> setter has
   been used.</p>

   <p>Because of these security pitfalls, this feature is in the process of being removed from the
   web platform. (This is a long process that takes many years.)</p>

   <p>Instead, use <code id=relaxing-the-same-origin-restriction:dom-window-postmessage><a href=web-messaging.html#dom-window-postmessage>postMessage()</a></code> or
   <code id=relaxing-the-same-origin-restriction:messagechannel><a href=web-messaging.html#messagechannel>MessageChannel</a></code> objects to communicate across origins in a safe manner.</p>
  </div>

  

  <p>The <dfn data-dfn-for=Document id=dom-document-domain data-dfn-type=attribute><code>domain</code></dfn>
  getter steps are:</p>

  <ol><li><p>Let <var>effectiveDomain</var> be <a id=relaxing-the-same-origin-restriction:this href=https://webidl.spec.whatwg.org/#this data-x-internal=this>this</a>'s <a href=https://dom.spec.whatwg.org/#concept-document-origin id=relaxing-the-same-origin-restriction:concept-document-origin data-x-internal=concept-document-origin>origin</a>'s <a href=#concept-origin-effective-domain id=relaxing-the-same-origin-restriction:concept-origin-effective-domain>effective domain</a>.

   <li><p>If <var>effectiveDomain</var> is null, then return the empty string.<li><p>Return <var>effectiveDomain</var>, <a href=https://url.spec.whatwg.org/#concept-host-serializer id=relaxing-the-same-origin-restriction:host-serializer data-x-internal=host-serializer>serialized</a>.</ol>

  <p>The <code id=relaxing-the-same-origin-restriction:dom-document-domain-3><a href=#dom-document-domain>domain</a></code> setter steps are:</p>

  <ol><li><p>If <a id=relaxing-the-same-origin-restriction:this-2 href=https://webidl.spec.whatwg.org/#this data-x-internal=this>this</a>'s <a href=document-sequences.html#concept-document-bc id=relaxing-the-same-origin-restriction:concept-document-bc-2>browsing context</a> is
   null, then throw a <a id=relaxing-the-same-origin-restriction:securityerror-2 href=https://webidl.spec.whatwg.org/#securityerror data-x-internal=securityerror>"<code>SecurityError</code>"</a> <code id=relaxing-the-same-origin-restriction:domexception><a data-x-internal=domexception href=https://webidl.spec.whatwg.org/#dfn-DOMException>DOMException</a></code>.<li><p>If <a id=relaxing-the-same-origin-restriction:this-3 href=https://webidl.spec.whatwg.org/#this data-x-internal=this>this</a>'s <a href=#active-sandboxing-flag-set id=relaxing-the-same-origin-restriction:active-sandboxing-flag-set>active sandboxing flag set</a> has its <a href=#sandboxed-document.domain-browsing-context-flag id=relaxing-the-same-origin-restriction:sandboxed-document.domain-browsing-context-flag>sandboxed
   <code>document.domain</code> browsing context flag</a> set, then
   throw a <a id=relaxing-the-same-origin-restriction:securityerror-3 href=https://webidl.spec.whatwg.org/#securityerror data-x-internal=securityerror>"<code>SecurityError</code>"</a> <code id=relaxing-the-same-origin-restriction:domexception-2><a data-x-internal=domexception href=https://webidl.spec.whatwg.org/#dfn-DOMException>DOMException</a></code>.<li><p>Let <var>effectiveDomain</var> be <a id=relaxing-the-same-origin-restriction:this-4 href=https://webidl.spec.whatwg.org/#this data-x-internal=this>this</a>'s <a href=https://dom.spec.whatwg.org/#concept-document-origin id=relaxing-the-same-origin-restriction:concept-document-origin-2 data-x-internal=concept-document-origin>origin</a>'s <a href=#concept-origin-effective-domain id=relaxing-the-same-origin-restriction:concept-origin-effective-domain-2>effective domain</a>.

   <li><p>If <var>effectiveDomain</var> is null, then throw a
   <a id=relaxing-the-same-origin-restriction:securityerror-4 href=https://webidl.spec.whatwg.org/#securityerror data-x-internal=securityerror>"<code>SecurityError</code>"</a> <code id=relaxing-the-same-origin-restriction:domexception-3><a data-x-internal=domexception href=https://webidl.spec.whatwg.org/#dfn-DOMException>DOMException</a></code>.<li><p>If the given value <a href=#is-a-registrable-domain-suffix-of-or-is-equal-to id=relaxing-the-same-origin-restriction:is-a-registrable-domain-suffix-of-or-is-equal-to>is not
   a registrable domain suffix of and is not equal to</a> <var>effectiveDomain</var>, then throw
   a <a id=relaxing-the-same-origin-restriction:securityerror-5 href=https://webidl.spec.whatwg.org/#securityerror data-x-internal=securityerror>"<code>SecurityError</code>"</a> <code id=relaxing-the-same-origin-restriction:domexception-4><a data-x-internal=domexception href=https://webidl.spec.whatwg.org/#dfn-DOMException>DOMException</a></code>.<li><p>If the <a id=relaxing-the-same-origin-restriction:surrounding-agent href=https://tc39.es/ecma262/#surrounding-agent data-x-internal=surrounding-agent>surrounding agent</a>'s <a id=relaxing-the-same-origin-restriction:agent-cluster href=https://tc39.es/ecma262/#sec-agent-clusters data-x-internal=agent-cluster>agent cluster</a>'s <a id=relaxing-the-same-origin-restriction:is-origin-keyed href=webappapis.html#is-origin-keyed>is
   origin-keyed</a> is true, then return.<li><p>Set <a id=relaxing-the-same-origin-restriction:this-5 href=https://webidl.spec.whatwg.org/#this data-x-internal=this>this</a>'s <a href=https://dom.spec.whatwg.org/#concept-document-origin id=relaxing-the-same-origin-restriction:concept-document-origin-3 data-x-internal=concept-document-origin>origin</a>'s <a href=#concept-origin-domain id=relaxing-the-same-origin-restriction:concept-origin-domain-2>domain</a> to the result of <a href=https://url.spec.whatwg.org/#concept-host-parser id=relaxing-the-same-origin-restriction:host-parser data-x-internal=host-parser>parsing</a> the given value.</ol>

  <p>To determine if a <a id=relaxing-the-same-origin-restriction:scalar-value-string href=https://infra.spec.whatwg.org/#scalar-value-string data-x-internal=scalar-value-string>scalar value string</a> <var>hostSuffixString</var> <dfn id=is-a-registrable-domain-suffix-of-or-is-equal-to data-lt="is a registrable domain suffix of or is equal to|is not a registrable domain suffix of
  and is not equal to" data-export="">is a registrable domain suffix of or is equal to</dfn> a <a href=https://url.spec.whatwg.org/#concept-host id=relaxing-the-same-origin-restriction:concept-host data-x-internal=concept-host>host</a> <var>originalHost</var>:</p>
  

  <ol><li><p>If <var>hostSuffixString</var> is the empty string, then return false.<li><p>Let <var>hostSuffix</var> be the result of <a href=https://url.spec.whatwg.org/#concept-host-parser id=relaxing-the-same-origin-restriction:host-parser-2 data-x-internal=host-parser>parsing</a>
   <var>hostSuffixString</var>.<li><p>If <var>hostSuffix</var> is failure, then return false.<li>
    <p>If <var>hostSuffix</var> does not <a href=https://url.spec.whatwg.org/#concept-host-equals id=relaxing-the-same-origin-restriction:host-equals data-x-internal=host-equals>equal</a>
    <var>originalHost</var>, then:</p>

    <ol><li>
      <p>If <var>hostSuffix</var> or <var>originalHost</var> is not a <a href=https://url.spec.whatwg.org/#concept-domain id=relaxing-the-same-origin-restriction:concept-domain data-x-internal=concept-domain>domain</a>, then return false.</p>

      <p class=note>This excludes <a href=https://url.spec.whatwg.org/#concept-host id=relaxing-the-same-origin-restriction:concept-host-2 data-x-internal=concept-host>hosts</a> that are <a href=https://url.spec.whatwg.org/#ip-address id=relaxing-the-same-origin-restriction:ip-address data-x-internal=ip-address>IP addresses</a>.</p>
     <li><p>If <var>hostSuffix</var>, prefixed by U+002E (.), does not match the end of
     <var>originalHost</var>, then return false.<li>
      <p>If any of the following are true:</p>

      <ul><li><p><var>hostSuffix</var> <a href=https://url.spec.whatwg.org/#concept-host-equals id=relaxing-the-same-origin-restriction:host-equals-2 data-x-internal=host-equals>equals</a>
       <var>hostSuffix</var>'s <a id=relaxing-the-same-origin-restriction:public-suffix href=https://url.spec.whatwg.org/#host-public-suffix data-x-internal=public-suffix>public suffix</a>; or<li><p><var>hostSuffix</var>, prefixed by U+002E (.), matches the end of
       <var>originalHost</var>'s <a id=relaxing-the-same-origin-restriction:public-suffix-2 href=https://url.spec.whatwg.org/#host-public-suffix data-x-internal=public-suffix>public suffix</a>,</ul>

      <p>then return false. <a href=references.html#refsURL>[URL]</a></p>
     <li><p><a id=relaxing-the-same-origin-restriction:assert href=https://infra.spec.whatwg.org/#assert data-x-internal=assert>Assert</a>: <var>originalHost</var>'s <a id=relaxing-the-same-origin-restriction:public-suffix-3 href=https://url.spec.whatwg.org/#host-public-suffix data-x-internal=public-suffix>public suffix</a>, prefixed by
     U+002E (.), matches the end of <var>hostSuffix</var>.</ol>
   <li><p>Return true.</ol>

  <div id=example-registrable-domain-suffix class=example><a href=#example-registrable-domain-suffix class=self-link></a>
   <table><tr><th><var>hostSuffixString</var><th><var>originalHost</var><th>Outcome of <a href=#is-a-registrable-domain-suffix-of-or-is-equal-to id=relaxing-the-same-origin-restriction:is-a-registrable-domain-suffix-of-or-is-equal-to-2>is a registrable domain suffix of or is equal to</a><th>Notes<tr><td>"<code>0.0.0.0</code>"<td><code>0.0.0.0</code><td>✅<td><tr><td>"<code>0x10203</code>"<td><code>0.1.2.3</code><td>✅<td><tr><td>"<code>[0::1]</code>"<td><code>::1</code><td>✅<td><tr><td>"<code>example.com</code>"<td><code>example.com</code><td>✅<td><tr><td>"<code>example.com</code>"<td><code>example.com.</code><td>❌<td rowspan=2>Trailing dot is significant.<tr><td>"<code>example.com.</code>"<td><code>example.com</code><td>❌<tr><td>"<code>example.com</code>"<td><code>www.example.com</code><td>✅<td><tr><td>"<code>com</code>"<td><code>example.com</code><td>❌<td>At the time of writing, <code>com</code> is a public suffix.<tr><td>"<code>example</code>"<td><code>example</code><td>✅<td><tr><td>"<code>compute.amazonaws.com</code>"<td><code>example.compute.amazonaws.com</code><td>❌<td rowspan=3>At the time of writing, <code><var>*</var>.compute.amazonaws.com</code> is a public suffix.<tr><td>"<code>example.compute.amazonaws.com</code>"<td><code>www.example.compute.amazonaws.com</code><td>❌<tr><td>"<code>amazonaws.com</code>"<td><code>www.example.compute.amazonaws.com</code><td>❌<tr><td>"<code>amazonaws.com</code>"<td><code>test.amazonaws.com</code><td>✅<td>At the time of writing, <code>amazonaws.com</code> is a registrable domain.</table>
  </div>

  


  <h4 id=origin-keyed-agent-clusters><span class=secno>7.1.2</span> <span id=origin-isolation></span>Origin-keyed agent clusters<a href=#origin-keyed-agent-clusters class=self-link></a></h4>

  <dl class=domintro><dt><code>window.<a href=#dom-originagentcluster id=dom-originagentcluster-dev>originAgentCluster</a></code><dd>
    <p>Returns true if this <code id=origin-keyed-agent-clusters:window><a href=nav-history-apis.html#window>Window</a></code> belongs to an <a id=origin-keyed-agent-clusters:agent-cluster href=https://tc39.es/ecma262/#sec-agent-clusters data-x-internal=agent-cluster>agent cluster</a> which is
    <a href=#concept-origin id=origin-keyed-agent-clusters:concept-origin>origin</a>-<a href=webappapis.html#agent-cluster-key id=origin-keyed-agent-clusters:agent-cluster-key>keyed</a>, in the manner described in
    this section.</p>
   </dl>

  <p>A <code id=origin-keyed-agent-clusters:document><a href=dom.html#document>Document</a></code> delivered over a <a id=origin-keyed-agent-clusters:secure-context href=webappapis.html#secure-context>secure context</a> can request that it be
  placed in an <a href=#concept-origin id=origin-keyed-agent-clusters:concept-origin-2>origin</a>-<a href=webappapis.html#agent-cluster-key id=origin-keyed-agent-clusters:agent-cluster-key-2>keyed</a> <a id=origin-keyed-agent-clusters:agent-cluster-2 href=https://tc39.es/ecma262/#sec-agent-clusters data-x-internal=agent-cluster>agent
  cluster</a>, by using the `<dfn id=origin-agent-cluster data-dfn-type=http-header><code>Origin-Agent-Cluster</code></dfn>` HTTP
  response header. This header is a <a href=https://httpwg.org/specs/rfc8941.html id=origin-keyed-agent-clusters:http-structured-header data-x-internal=http-structured-header>structured header</a>
  whose value must be a <a href=https://httpwg.org/specs/rfc8941.html#boolean id=origin-keyed-agent-clusters:http-structured-header-boolean data-x-internal=http-structured-header-boolean>boolean</a>.
  <a href=references.html#refsSTRUCTURED-FIELDS>[STRUCTURED-FIELDS]</a></p>

  <p>Per the processing model in the <a href=document-lifecycle.html#initialise-the-document-object id=origin-keyed-agent-clusters:initialise-the-document-object>create
  and initialize a new <code>Document</code> object</a>, values
  that are not the <a href=https://httpwg.org/specs/rfc8941.html#boolean id=origin-keyed-agent-clusters:http-structured-header-boolean-2 data-x-internal=http-structured-header-boolean>structured header boolean</a>
  true value (i.e., `<code>?1</code>`) will be ignored.</p>

  <p>The consequences of using this header are that the resulting
  <code id=origin-keyed-agent-clusters:document-2><a href=dom.html#document>Document</a></code>'s <a id=origin-keyed-agent-clusters:agent-cluster-key-3 href=webappapis.html#agent-cluster-key>agent cluster key</a> is its <a href=https://dom.spec.whatwg.org/#concept-document-origin id=origin-keyed-agent-clusters:concept-document-origin data-x-internal=concept-document-origin>origin</a>, instead of the <a href=#obtain-a-site id=origin-keyed-agent-clusters:obtain-a-site>corresponding site</a>. In terms of observable effects, this means that
  attempting to <a href=#relaxing-the-same-origin-restriction>relax the same-origin
  restriction</a> using <code id=origin-keyed-agent-clusters:dom-document-domain><a href=#dom-document-domain>document.domain</a></code> will instead do
  nothing, and it will not be possible to send <code id=origin-keyed-agent-clusters:webassembly.module><a data-x-internal=webassembly.module href=https://webassembly.github.io/spec/js-api/#module>WebAssembly.Module</a></code> objects to
  cross-origin <code id=origin-keyed-agent-clusters:document-3><a href=dom.html#document>Document</a></code>s (even if they are <a href=#same-site id=origin-keyed-agent-clusters:same-site>same site</a>). Behind the scenes,
  this isolation can allow user agents to allocate implementation-specific resources corresponding
  to <a href=https://tc39.es/ecma262/#sec-agent-clusters id=origin-keyed-agent-clusters:agent-cluster-3 data-x-internal=agent-cluster>agent clusters</a>, such as processes or threads, more
  efficiently.</p>

  <p>Note that within a <a id=origin-keyed-agent-clusters:browsing-context-group href=document-sequences.html#browsing-context-group>browsing context group</a>, the
  `<code id=origin-keyed-agent-clusters:origin-agent-cluster><a href=#origin-agent-cluster>Origin-Agent-Cluster</a></code>` header can never cause same-origin <code id=origin-keyed-agent-clusters:document-4><a href=dom.html#document>Document</a></code>
  objects to end up in different <a href=https://tc39.es/ecma262/#sec-agent-clusters id=origin-keyed-agent-clusters:agent-cluster-4 data-x-internal=agent-cluster>agent clusters</a>, even if one
  sends the header and the other doesn't. This is prevented by means of the
  <a id=origin-keyed-agent-clusters:historical-agent-cluster-key-map href=document-sequences.html#historical-agent-cluster-key-map>historical agent cluster key map</a>.</p>

  <p class=note>This means that the <code id=origin-keyed-agent-clusters:dom-originagentcluster><a href=#dom-originagentcluster>originAgentCluster</a></code> getter can return false, even if the
  header is set, if the header was omitted on a previously-loaded same-origin page in the same
  <a id=origin-keyed-agent-clusters:browsing-context-group-2 href=document-sequences.html#browsing-context-group>browsing context group</a>. Similarly, it can return true even when the header is not
  set.</p>

  <p>The <dfn data-dfn-for=Window id=dom-originagentcluster data-dfn-type=attribute><code>originAgentCluster</code></dfn> getter steps are to return the
  <a id=origin-keyed-agent-clusters:surrounding-agent href=https://tc39.es/ecma262/#surrounding-agent data-x-internal=surrounding-agent>surrounding agent</a>'s <a id=origin-keyed-agent-clusters:agent-cluster-5 href=https://tc39.es/ecma262/#sec-agent-clusters data-x-internal=agent-cluster>agent cluster</a>'s <a id=origin-keyed-agent-clusters:is-origin-keyed href=webappapis.html#is-origin-keyed>is origin-keyed</a>.</p>

  <p class=note><code id=origin-keyed-agent-clusters:document-5><a href=dom.html#document>Document</a></code>s with an <a href=#concept-origin-opaque id=origin-keyed-agent-clusters:concept-origin-opaque>opaque
  origin</a> can be considered unconditionally origin-keyed; for them the header has no effect,
  and the <code id=origin-keyed-agent-clusters:dom-originagentcluster-2><a href=#dom-originagentcluster>originAgentCluster</a></code> getter will always return
  true.</p>

  <p class=note>Similarly, <code id=origin-keyed-agent-clusters:document-6><a href=dom.html#document>Document</a></code>s whose <a id=origin-keyed-agent-clusters:agent-cluster-6 href=https://tc39.es/ecma262/#sec-agent-clusters data-x-internal=agent-cluster>agent cluster</a>'s <a href=webappapis.html#agent-cluster-cross-origin-isolation id=origin-keyed-agent-clusters:agent-cluster-cross-origin-isolation>cross-origin isolation mode</a> is not "<code id=origin-keyed-agent-clusters:cross-origin-isolation-none><a href=document-sequences.html#cross-origin-isolation-none>none</a></code>" are automatically origin-keyed. The
  `<code id=origin-keyed-agent-clusters:origin-agent-cluster-2><a href=#origin-agent-cluster>Origin-Agent-Cluster</a></code>` header might be useful as an additional hint to
  implementations about resource allocation, since the `<code id=origin-keyed-agent-clusters:cross-origin-opener-policy-2><a href=#cross-origin-opener-policy-2>Cross-Origin-Opener-Policy</a></code>`
  and `<code id=origin-keyed-agent-clusters:cross-origin-embedder-policy><a href=#cross-origin-embedder-policy>Cross-Origin-Embedder-Policy</a></code>` headers used to achieve cross-origin isolation
  are more about ensuring that everything in the same address space opts in to being there. But
  adding it would have no additional observable effects on author code.</p>


  <h4 id=cross-origin-opener-policies><span class=secno>7.1.3</span> Cross-origin opener policies<a href=#cross-origin-opener-policies class=self-link></a></h4>

  <p>An <dfn id=cross-origin-opener-policy-value>opener policy value</dfn> allows a document which
  is navigated to in a <a id=cross-origin-opener-policies:top-level-browsing-context href=document-sequences.html#top-level-browsing-context>top-level browsing context</a> to force the creation of a new
  <a id=cross-origin-opener-policies:top-level-browsing-context-2 href=document-sequences.html#top-level-browsing-context>top-level browsing context</a>, and a corresponding <a href=document-sequences.html#tlbc-group id=cross-origin-opener-policies:tlbc-group>group</a>. The possible values are:</p>

  <dl><dt>"<dfn id=coop-unsafe-none><code>unsafe-none</code></dfn>"<dd><p>This is the (current) default and means that the document will occupy the same
   <a id=cross-origin-opener-policies:top-level-browsing-context-3 href=document-sequences.html#top-level-browsing-context>top-level browsing context</a> as its predecessor, unless that document specified a
   different <a href=#cross-origin-opener-policy id=cross-origin-opener-policies:cross-origin-opener-policy>opener policy</a>.<dt>"<dfn id=coop-same-origin-allow-popups><code>same-origin-allow-popups</code></dfn>"<dd><p>This forces the creation of a new <a id=cross-origin-opener-policies:top-level-browsing-context-4 href=document-sequences.html#top-level-browsing-context>top-level browsing context</a> for the
   document, unless its predecessor specified the same <a href=#cross-origin-opener-policy id=cross-origin-opener-policies:cross-origin-opener-policy-2>opener policy</a> and they are
   <a href=#same-origin id=cross-origin-opener-policies:same-origin>same origin</a>.<dt>"<dfn id=coop-same-origin><code>same-origin</code></dfn>"<dd><p>This behaves the same as "<code id=cross-origin-opener-policies:coop-same-origin-allow-popups><a href=#coop-same-origin-allow-popups>same-origin-allow-popups</a></code>", with the addition that
   any <a id=cross-origin-opener-policies:auxiliary-browsing-context href=document-sequences.html#auxiliary-browsing-context>auxiliary browsing context</a> created needs to contain <a href=#same-origin id=cross-origin-opener-policies:same-origin-2>same origin</a>
   documents that also have the same <a href=#cross-origin-opener-policy id=cross-origin-opener-policies:cross-origin-opener-policy-3>opener policy</a> or it will appear closed to the
   opener.<dt>"<dfn id=coop-same-origin-plus-coep><code>same-origin-plus-COEP</code></dfn>"<dd>
    <p>This behaves the same as "<code id=cross-origin-opener-policies:coop-same-origin><a href=#coop-same-origin>same-origin</a></code>", with the
    addition that it sets the (new) <a id=cross-origin-opener-policies:top-level-browsing-context-5 href=document-sequences.html#top-level-browsing-context>top-level browsing context</a>'s <a href=document-sequences.html#tlbc-group id=cross-origin-opener-policies:tlbc-group-2>group</a>'s <a href=document-sequences.html#bcg-cross-origin-isolation id=cross-origin-opener-policies:bcg-cross-origin-isolation>cross-origin isolation
    mode</a> to one of "<code id=cross-origin-opener-policies:cross-origin-isolation-logical><a href=document-sequences.html#cross-origin-isolation-logical>logical</a></code>" or "<code id=cross-origin-opener-policies:cross-origin-isolation-concrete><a href=document-sequences.html#cross-origin-isolation-concrete>concrete</a></code>".</p>

    <p class=note>"<code id=cross-origin-opener-policies:coop-same-origin-plus-coep><a href=#coop-same-origin-plus-coep>same-origin-plus-COEP</a></code>" cannot
    be directly set via the `<code id=cross-origin-opener-policies:cross-origin-opener-policy-2-2><a href=#cross-origin-opener-policy-2>Cross-Origin-Opener-Policy</a></code>` header, but results from a
    combination of setting both `<code><a href=#cross-origin-opener-policy-2 id=cross-origin-opener-policies:cross-origin-opener-policy-2-3>Cross-Origin-Opener-Policy</a>: <a href=#coop-same-origin id=cross-origin-opener-policies:coop-same-origin-2>same-origin</a></code>` and a
    `<code id=cross-origin-opener-policies:cross-origin-embedder-policy><a href=#cross-origin-embedder-policy>Cross-Origin-Embedder-Policy</a></code>` header whose value is <a href=#compatible-with-cross-origin-isolation id=cross-origin-opener-policies:compatible-with-cross-origin-isolation>compatible with
    cross-origin isolation</a> together.</p>
   <dt>"<dfn id=coop-noopener-allow-popups><code>noopener-allow-popups</code></dfn>"<dd>
    <p>This forces the creation of a new <a id=cross-origin-opener-policies:top-level-browsing-context-6 href=document-sequences.html#top-level-browsing-context>top-level browsing context</a> for the document,
    regardless of its predecessor.</p>

    <div class=note>
     <p>While including a <code id=cross-origin-opener-policies:coop-noopener-allow-popups><a href=#coop-noopener-allow-popups>noopener-allow-popups</a></code> value severs the opener
     relationship between the document on which it is applied and its opener, it does not create a
     robust security boundary between those same-origin documents.</p>

     <p>Other risks from same-origin applications include:</p>

     <ul><li><p>Same-origin requests fetching the document's content — could be mitigated through
      Fetch Metadata filtering. <a href=references.html#refsFETCHMETADATA>[FETCHMETADATA]</a><li><p>Same-origin framing - could be mitigated through <code id=cross-origin-opener-policies:x-frame-options><a href=speculative-loading.html#x-frame-options>X-Frame-Options</a></code> or CSP
      <code id=cross-origin-opener-policies:frame-ancestors-directive><a data-x-internal=frame-ancestors-directive href=https://w3c.github.io/webappsec-csp/#frame-ancestors>frame-ancestors</a></code>.<li><p>JavaScript accessible cookies - can be mitigated by ensuring all cookies are <code>httponly</code>.<li><p><code id=cross-origin-opener-policies:dom-localstorage><a href=webstorage.html#dom-localstorage>localStorage</a></code> access to sensitive data.<li><p>Service worker installation.<li><p><a href=https://w3c.github.io/ServiceWorker/#cache>Cache API</a> manipulation or
      access to sensitive data. <a href=references.html#refsSW>[SW]</a><li><p><code>postMessage</code> or <code id=cross-origin-opener-policies:broadcastchannel><a href=web-messaging.html#broadcastchannel>BroadcastChannel</a></code> messaging that
      exposes sensitive information.<li><p>Autofill which may not require user interaction for same-origin documents.</ul>

     <p>Developers using <code id=cross-origin-opener-policies:coop-noopener-allow-popups-2><a href=#coop-noopener-allow-popups>noopener-allow-popups</a></code>
     need to make sure that their sensitive applications don't rely on client-side features
     accessible to other same-origin documents, e.g., <code id=cross-origin-opener-policies:dom-localstorage-2><a href=webstorage.html#dom-localstorage>localStorage</a></code> and other client-side storage APIs,
     <code id=cross-origin-opener-policies:broadcastchannel-2><a href=web-messaging.html#broadcastchannel>BroadcastChannel</a></code> and related same-origin communication mechanisms. They also need
     to make sure that their server-side endpoints don't return sensitive data to non-navigation
     requests, whose response content is accessible to same-origin
     documents.</p>
    </div>
   </dl>

  

  <p>An <dfn id=cross-origin-opener-policy>opener policy</dfn> consists of:</p>

  <ul><li><p>A <dfn id=coop-struct-value>value</dfn>, which is an <a href=#cross-origin-opener-policy-value id=cross-origin-opener-policies:cross-origin-opener-policy-value>opener policy value</a>, initially "<code id=cross-origin-opener-policies:coop-unsafe-none><a href=#coop-unsafe-none>unsafe-none</a></code>".<li><p>A <dfn id=coop-struct-report-endpoint>reporting endpoint</dfn>, which is string or
   null, initially null.<li><p>A <dfn id=coop-struct-report-only-value>report-only value</dfn>, which is an <a href=#cross-origin-opener-policy-value id=cross-origin-opener-policies:cross-origin-opener-policy-value-2>opener policy value</a>, initially "<code id=cross-origin-opener-policies:coop-unsafe-none-2><a href=#coop-unsafe-none>unsafe-none</a></code>".<li><p>A <dfn id=coop-struct-report-only-endpoint>report-only reporting endpoint</dfn>,
   which is a string or null, initially null.</ul>

  <p>To <dfn id=matching-coop>match opener policy values</dfn>, given an <a href=#cross-origin-opener-policy-value id=cross-origin-opener-policies:cross-origin-opener-policy-value-3>opener policy
  value</a> <var>documentCOOP</var>, an <a href=#concept-origin id=cross-origin-opener-policies:concept-origin>origin</a> <var>documentOrigin</var>, an
  <a href=#cross-origin-opener-policy-value id=cross-origin-opener-policies:cross-origin-opener-policy-value-4>opener policy value</a> <var>responseCOOP</var>, and an <a href=#concept-origin id=cross-origin-opener-policies:concept-origin-2>origin</a>
  <var>responseOrigin</var>:</p>

  <ol><li><p>If <var>documentCOOP</var> is "<code id=cross-origin-opener-policies:coop-unsafe-none-3><a href=#coop-unsafe-none>unsafe-none</a></code>" and
   <var>responseCOOP</var> is "<code id=cross-origin-opener-policies:coop-unsafe-none-4><a href=#coop-unsafe-none>unsafe-none</a></code>", then return
   true.<li><p>If <var>documentCOOP</var> is "<code id=cross-origin-opener-policies:coop-unsafe-none-5><a href=#coop-unsafe-none>unsafe-none</a></code>" or
   <var>responseCOOP</var> is "<code id=cross-origin-opener-policies:coop-unsafe-none-6><a href=#coop-unsafe-none>unsafe-none</a></code>", then return
   false.<li><p>If <var>documentCOOP</var> is <var>responseCOOP</var> and <var>documentOrigin</var> is
   <a href=#same-origin id=cross-origin-opener-policies:same-origin-3>same origin</a> with <var>responseOrigin</var>, then return true.<li><p>Return false.</ol>

  


  <h5 id=the-coop-headers><span class=secno>7.1.3.1</span> The headers<a href=#the-coop-headers class=self-link></a></h5><div class="mdn-anno wrapped"><button onclick=toggleStatus(this) class=mdn-anno-btn><b title="Support in all current engines." class=all-engines-flag>✔</b><span>MDN</span></button><div class=feature><p><a href=https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Opener-Policy title="The HTTP Cross-Origin-Opener-Policy (COOP) response header allows you to ensure a top-level document does not share a browsing context group with cross-origin documents.">Headers/Cross-Origin-Opener-Policy</a><p class=all-engines-text>Support in all current engines.<div class=support><span class="firefox yes"><span>Firefox</span><span>79+</span></span><span class="safari yes"><span>Safari</span><span>15.2+</span></span><span class="chrome yes"><span>Chrome</span><span>83+</span></span><hr><span class="opera no"><span>Opera</span><span>No</span></span><span class="edge_blink yes"><span>Edge</span><span>83+</span></span><hr><span class="edge unknown"><span>Edge (Legacy)</span><span>?</span></span><span class="ie no"><span>Internet Explorer</span><span>No</span></span><hr><span class="firefox_android unknown"><span>Firefox Android</span><span>?</span></span><span class="safari_ios unknown"><span>Safari iOS</span><span>?</span></span><span class="chrome_android unknown"><span>Chrome Android</span><span>?</span></span><span class="webview_android no"><span>WebView Android</span><span>No</span></span><span class="samsunginternet_android unknown"><span>Samsung Internet</span><span>?</span></span><span class="opera_android no"><span>Opera Android</span><span>No</span></span></div></div></div>

  <p>A <code id=the-coop-headers:document><a href=dom.html#document>Document</a></code>'s <a href=dom.html#concept-document-coop id=the-coop-headers:concept-document-coop>cross-origin opener
  policy</a> is derived from the `<dfn id=cross-origin-opener-policy-2 data-dfn-type=http-header><code>Cross-Origin-Opener-Policy</code></dfn>` and `<dfn id=cross-origin-opener-policy-report-only data-dfn-type=http-header><code>Cross-Origin-Opener-Policy-Report-Only</code></dfn>` HTTP response headers.
  These headers are <a href=https://httpwg.org/specs/rfc8941.html id=the-coop-headers:http-structured-header data-x-internal=http-structured-header>structured headers</a> whose value must
  be a <a href=https://httpwg.org/specs/rfc8941.html#token id=the-coop-headers:http-structured-header-token data-x-internal=http-structured-header-token>token</a>. <a href=references.html#refsSTRUCTURED-FIELDS>[STRUCTURED-FIELDS]</a></p>

  <p>The valid <a href=https://httpwg.org/specs/rfc8941.html#token id=the-coop-headers:http-structured-header-token-2 data-x-internal=http-structured-header-token>token</a> values are the <a href=#cross-origin-opener-policy-value id=the-coop-headers:cross-origin-opener-policy-value>opener policy values</a>. The token may also have
  attached <a href=https://httpwg.org/specs/rfc8941.html#param id=the-coop-headers:http-structured-header-parameters data-x-internal=http-structured-header-parameters>parameters</a>; of these, the "<dfn id=coop-report-to><code>report-to</code></dfn>" parameter can have a <a id=the-coop-headers:valid-url-string href=https://url.spec.whatwg.org/#valid-url-string data-x-internal=valid-url-string>valid URL
  string</a> identifying an appropriate reporting endpoint. <a href=references.html#refsREPORTING>[REPORTING]</a></p>

  <p class=note>Per the processing model described below, user agents will ignore this header if it contains an invalid value. Likewise, user
  agents will ignore this header if the value cannot be parsed as a <a href=https://httpwg.org/specs/rfc8941.html#token id=the-coop-headers:http-structured-header-token-3 data-x-internal=http-structured-header-token>token</a>.</p>

  

  <hr>

  <p>To <dfn id=obtain-coop>obtain an opener policy</dfn> given a <a href=https://fetch.spec.whatwg.org/#concept-response id=the-coop-headers:concept-response data-x-internal=concept-response>response</a> <var>response</var> and an <a id=the-coop-headers:environment href=webappapis.html#environment>environment</a>
  <var>reservedEnvironment</var>:</p>

  <ol><li><p>Let <var>policy</var> be a new <a href=#cross-origin-opener-policy id=the-coop-headers:cross-origin-opener-policy>opener policy</a>.<li><p>If <var>reservedEnvironment</var> is a <a id=the-coop-headers:non-secure-context href=webappapis.html#non-secure-context>non-secure context</a>, then return
   <var>policy</var>.<li><p>Let <var>parsedItem</var> be the result of <a id=the-coop-headers:getting-a-structured-field-value href=https://fetch.spec.whatwg.org/#concept-header-list-get-structured-header data-x-internal=getting-a-structured-field-value>getting a structured field value</a>
   given `<code id=the-coop-headers:cross-origin-opener-policy-2><a href=#cross-origin-opener-policy-2>Cross-Origin-Opener-Policy</a></code>` and "<code>item</code>" from
   <var>response</var>'s <a href=https://fetch.spec.whatwg.org/#concept-response-header-list id=the-coop-headers:concept-response-header-list data-x-internal=concept-response-header-list>header list</a>.<li>
    <p>If <var>parsedItem</var> is not null, then:</p>

    <ol><li>
      <p>If <var>parsedItem</var>[0] is "<code id=the-coop-headers:coop-same-origin><a href=#coop-same-origin>same-origin</a></code>",
      then:</p>

      <ol><li><p>Let <var>coep</var> be the result of <a href=#obtain-an-embedder-policy id=the-coop-headers:obtain-an-embedder-policy>obtaining a cross-origin embedder policy</a> from <var>response</var> and
       <var>reservedEnvironment</var>.<li><p>If <var>coep</var>'s <a href=#embedder-policy-value-2 id=the-coop-headers:embedder-policy-value-2>value</a> is
       <a href=#compatible-with-cross-origin-isolation id=the-coop-headers:compatible-with-cross-origin-isolation>compatible with cross-origin isolation</a>, then set <var>policy</var>'s <a href=#coop-struct-value id=the-coop-headers:coop-struct-value>value</a> to "<code id=the-coop-headers:coop-same-origin-plus-coep><a href=#coop-same-origin-plus-coep>same-origin-plus-COEP</a></code>".<li><p>Otherwise, set <var>policy</var>'s <a href=#coop-struct-value id=the-coop-headers:coop-struct-value-2>value</a> to
       "<code id=the-coop-headers:coop-same-origin-2><a href=#coop-same-origin>same-origin</a></code>".</ol>
     <li><p>If <var>parsedItem</var>[0] is "<code id=the-coop-headers:coop-same-origin-allow-popups><a href=#coop-same-origin-allow-popups>same-origin-allow-popups</a></code>", then set
     <var>policy</var>'s <a href=#coop-struct-value id=the-coop-headers:coop-struct-value-3>value</a> to "<code id=the-coop-headers:coop-same-origin-allow-popups-2><a href=#coop-same-origin-allow-popups>same-origin-allow-popups</a></code>".<li><p>If <var>parsedItem</var>[0] is "<code id=the-coop-headers:coop-noopener-allow-popups><a href=#coop-noopener-allow-popups>noopener-allow-popups</a></code>", then set
     <var>policy</var>'s <a href=#coop-struct-value id=the-coop-headers:coop-struct-value-4>value</a> to "<code id=the-coop-headers:coop-noopener-allow-popups-2><a href=#coop-noopener-allow-popups>noopener-allow-popups</a></code>".<li><p>If <var>parsedItem</var>[1]["<code id=the-coop-headers:coop-report-to><a href=#coop-report-to>report-to</a></code>"] <a href=https://infra.spec.whatwg.org/#map-exists id=the-coop-headers:map-exists data-x-internal=map-exists>exists</a> and it is a string, then set <var>policy</var>'s <a href=#coop-struct-report-endpoint id=the-coop-headers:coop-struct-report-endpoint>reporting endpoint</a> to
     <var>parsedItem</var>[1]["<code id=the-coop-headers:coop-report-to-2><a href=#coop-report-to>report-to</a></code>"].</ol>
   <li><p>Set <var>parsedItem</var> to the result of <a id=the-coop-headers:getting-a-structured-field-value-2 href=https://fetch.spec.whatwg.org/#concept-header-list-get-structured-header data-x-internal=getting-a-structured-field-value>getting a structured field value</a>
   given `<code id=the-coop-headers:cross-origin-opener-policy-report-only><a href=#cross-origin-opener-policy-report-only>Cross-Origin-Opener-Policy-Report-Only</a></code>` and "<code>item</code>"
   from <var>response</var>'s <a href=https://fetch.spec.whatwg.org/#concept-response-header-list id=the-coop-headers:concept-response-header-list-2 data-x-internal=concept-response-header-list>header
   list</a>.<li>
    <p>If <var>parsedItem</var> is not null, then:</p>

    <ol><li>
      <p>If <var>parsedItem</var>[0] is "<code id=the-coop-headers:coop-same-origin-3><a href=#coop-same-origin>same-origin</a></code>",
      then:</p>

      <ol><li><p>Let <var>coep</var> be the result of <a href=#obtain-an-embedder-policy id=the-coop-headers:obtain-an-embedder-policy-2>obtaining a cross-origin embedder policy</a> from <var>response</var> and
       <var>reservedEnvironment</var>.<li>
        <p>If <var>coep</var>'s <a href=#embedder-policy-value-2 id=the-coop-headers:embedder-policy-value-2-2>value</a> is
        <a href=#compatible-with-cross-origin-isolation id=the-coop-headers:compatible-with-cross-origin-isolation-2>compatible with cross-origin isolation</a> or <var>coep</var>'s <a href=#embedder-policy-report-only-value id=the-coop-headers:embedder-policy-report-only-value>report-only value</a> is <a href=#compatible-with-cross-origin-isolation id=the-coop-headers:compatible-with-cross-origin-isolation-3>compatible
        with cross-origin isolation</a>, then set <var>policy</var>'s <a href=#coop-struct-report-only-value id=the-coop-headers:coop-struct-report-only-value>report-only value</a> to "<code id=the-coop-headers:coop-same-origin-plus-coep-2><a href=#coop-same-origin-plus-coep>same-origin-plus-COEP</a></code>".</p>

        <p class=note>Report only COOP also considers report-only COEP to assign the special
        "<code id=the-coop-headers:coop-same-origin-plus-coep-3><a href=#coop-same-origin-plus-coep>same-origin-plus-COEP</a></code>" value. This allows
        developers more freedom in the order of deployment of COOP and COEP.</p>
       <li><p>Otherwise, set <var>policy</var>'s <a href=#coop-struct-report-only-value id=the-coop-headers:coop-struct-report-only-value-2>report-only value</a> to "<code id=the-coop-headers:coop-same-origin-4><a href=#coop-same-origin>same-origin</a></code>".</ol>
     <li><p>If <var>parsedItem</var>[0] is "<code id=the-coop-headers:coop-same-origin-allow-popups-3><a href=#coop-same-origin-allow-popups>same-origin-allow-popups</a></code>", then set
     <var>policy</var>'s <a href=#coop-struct-report-only-value id=the-coop-headers:coop-struct-report-only-value-3>report-only value</a> to
     "<code id=the-coop-headers:coop-same-origin-allow-popups-4><a href=#coop-same-origin-allow-popups>same-origin-allow-popups</a></code>".<li><p>If <var>parsedItem</var>[1]["<code id=the-coop-headers:coop-report-to-3><a href=#coop-report-to>report-to</a></code>"] <a href=https://infra.spec.whatwg.org/#map-exists id=the-coop-headers:map-exists-2 data-x-internal=map-exists>exists</a> and it is a string, then set <var>policy</var>'s <a href=#coop-struct-report-only-endpoint id=the-coop-headers:coop-struct-report-only-endpoint>report-only reporting endpoint</a> to
     <var>parsedItem</var>[1]["<code id=the-coop-headers:coop-report-to-4><a href=#coop-report-to>report-to</a></code>"].</ol>
   <li><p>Return <var>policy</var>.</ol>


  <h5 id=browsing-context-group-switches-due-to-cross-origin-opener-policy><span class=secno>7.1.3.2</span> Browsing context group
  switches due to opener policy<a href=#browsing-context-group-switches-due-to-cross-origin-opener-policy class=self-link></a></h5>

  <p>To <dfn id=check-browsing-context-group-switch-coop-value-popup>check if popup COOP
  values require a browsing context group switch</dfn>, given two <a href=#concept-origin id=browsing-context-group-switches-due-to-cross-origin-opener-policy:concept-origin>origins</a> <var>responseOrigin</var> and
  <var>activeDocumentNavigationOrigin</var>, and two <a href=#coop-struct-value id=browsing-context-group-switches-due-to-cross-origin-opener-policy:coop-struct-value>opener policy
  values</a> <var>responseCOOPValue</var> and <var>activeDocumentCOOPValue</var>:</p>
  <ol><li><p>If <var>responseCOOPValue</var> is "<code id=browsing-context-group-switches-due-to-cross-origin-opener-policy:coop-noopener-allow-popups><a href=#coop-noopener-allow-popups>noopener-allow-popups</a></code>", then return true.<li>
    <p>If all of the following are true:</p>

    <ul><li><p><var>activeDocumentCOOPValue</var>'s <a href=#coop-struct-value id=browsing-context-group-switches-due-to-cross-origin-opener-policy:coop-struct-value-2>value</a> is
     "<code id=browsing-context-group-switches-due-to-cross-origin-opener-policy:coop-same-origin-allow-popups><a href=#coop-same-origin-allow-popups>same-origin-allow-popups</a></code>" or
     "<code id=browsing-context-group-switches-due-to-cross-origin-opener-policy:coop-noopener-allow-popups-2><a href=#coop-noopener-allow-popups>noopener-allow-popups</a></code>"; and<li><p><var>responseCOOPValue</var> is "<code id=browsing-context-group-switches-due-to-cross-origin-opener-policy:coop-unsafe-none><a href=#coop-unsafe-none>unsafe-none</a></code>",</ul>

    <p>then return false.</p>
   <li><p>If the result of <a href=#matching-coop id=browsing-context-group-switches-due-to-cross-origin-opener-policy:matching-coop>matching</a>
   <var>activeDocumentCOOPValue</var>, <var>activeDocumentNavigationOrigin</var>,
   <var>responseCOOPValue</var>, and <var>responseOrigin</var> is true, then return false.<li><p>Return true.</p>
  </ol>

  <p>To <dfn id=check-browsing-context-group-switch-coop-value>check if COOP values require a
  browsing context group switch</dfn>, given a boolean <var>isInitialAboutBlank</var>, two <a href=#concept-origin id=browsing-context-group-switches-due-to-cross-origin-opener-policy:concept-origin-2>origins</a> <var>responseOrigin</var> and
  <var>activeDocumentNavigationOrigin</var>, and two <a href=#coop-struct-value id=browsing-context-group-switches-due-to-cross-origin-opener-policy:coop-struct-value-3>opener policy
  values</a> <var>responseCOOPValue</var> and <var>activeDocumentCOOPValue</var>:</p>

  <ol><li><p>If <var>isInitialAboutBlank</var> is true, then return the result of <a href=#check-browsing-context-group-switch-coop-value-popup id=browsing-context-group-switches-due-to-cross-origin-opener-policy:check-browsing-context-group-switch-coop-value-popup>checking if popup COOP values
   requires a browsing context group switch</a> with <var>responseOrigin</var>,
   <var>activeDocumentNavigationOrigin</var>, <var>responseCOOPValue</var>, and
   <var>activeDocumentCOOPValue</var>.<li>
    <p class=note>Here we are dealing with a non-popup navigation.</p>

    <p>If the result of <a href=#matching-coop id=browsing-context-group-switches-due-to-cross-origin-opener-policy:matching-coop-2>matching</a>
    <var>activeDocumentCOOPValue</var>, <var>activeDocumentNavigationOrigin</var>,
    <var>responseCOOPValue</var>, and <var>responseOrigin</var> is true, then return false.</p>
   <li><p>Return true.</p>
  </ol>

  <p>To <dfn id=check-bcg-switch-navigation-report-only>check if enforcing report-only COOP
  would require a browsing context group switch</dfn>, given a boolean
  <var>isInitialAboutBlank</var>, two <a href=#concept-origin id=browsing-context-group-switches-due-to-cross-origin-opener-policy:concept-origin-3>origins</a>
  <var>responseOrigin</var>, <var>activeDocumentNavigationOrigin</var>, and two <a href=#cross-origin-opener-policy id=browsing-context-group-switches-due-to-cross-origin-opener-policy:cross-origin-opener-policy>opener policies</a> <var>responseCOOP</var> and <var>activeDocumentCOOP</var>:</p>

  <ol><li>
    <p>If the result of <a href=#check-browsing-context-group-switch-coop-value id=browsing-context-group-switches-due-to-cross-origin-opener-policy:check-browsing-context-group-switch-coop-value>checking if
    COOP values require a browsing context group switch</a> given
    <var>isInitialAboutBlank</var>, <var>responseOrigin</var>,
    <var>activeDocumentNavigationOrigin</var>, <var>responseCOOP</var>'s <a href=#coop-struct-report-only-value id=browsing-context-group-switches-due-to-cross-origin-opener-policy:coop-struct-report-only-value>report-only value</a>, and
    <var>activeDocumentCOOPReportOnly</var>'s <a href=#coop-struct-report-only-value id=browsing-context-group-switches-due-to-cross-origin-opener-policy:coop-struct-report-only-value-2>report-only value</a> is false, then return
    false.</p>

    <p class=note>Matching report-only policies allows a website to specify the same report-only
    opener policy on all its pages and not receive violation reports for navigations between these
    pages.</p>
   <li><p>If the result of <a href=#check-browsing-context-group-switch-coop-value id=browsing-context-group-switches-due-to-cross-origin-opener-policy:check-browsing-context-group-switch-coop-value-2>checking
   if COOP values require a browsing context group switch</a> given
   <var>isInitialAboutBlank</var>, <var>responseOrigin</var>,
   <var>activeDocumentNavigationOrigin</var>, <var>responseCOOP</var>'s <a href=#coop-struct-value id=browsing-context-group-switches-due-to-cross-origin-opener-policy:coop-struct-value-4>value</a>, and <var>activeDocumentCOOPReportOnly</var>'s <a href=#coop-struct-report-only-value id=browsing-context-group-switches-due-to-cross-origin-opener-policy:coop-struct-report-only-value-3>report-only value</a> is true, then return
   true.<li><p>If the result of <a href=#check-browsing-context-group-switch-coop-value id=browsing-context-group-switches-due-to-cross-origin-opener-policy:check-browsing-context-group-switch-coop-value-3>checking
   if COOP values require a browsing context group switch</a> given
   <var>isInitialAboutBlank</var>, <var>responseOrigin</var>,
   <var>activeDocumentNavigationOrigin</var>, <var>responseCOOP</var>'s <a href=#coop-struct-report-only-value id=browsing-context-group-switches-due-to-cross-origin-opener-policy:coop-struct-report-only-value-4>report-only value</a>, and
   <var>activeDocumentCOOPReportOnly</var>'s <a href=#coop-struct-value id=browsing-context-group-switches-due-to-cross-origin-opener-policy:coop-struct-value-5>value</a> is true,
   then return true.<li><p>Return false.</ol>

  <p>An <dfn id=coop-enforcement-result>opener policy enforcement result</dfn> is a
  <a id=browsing-context-group-switches-due-to-cross-origin-opener-policy:struct href=https://infra.spec.whatwg.org/#struct data-x-internal=struct>struct</a> with the following <a href=https://infra.spec.whatwg.org/#struct-item id=browsing-context-group-switches-due-to-cross-origin-opener-policy:struct-item data-x-internal=struct-item>items</a>:</p>

  <ul><li><p>A boolean <dfn id=coop-enforcement-bcg-switch>needs a browsing context group
   switch</dfn>, initially false.<li><p>A boolean <dfn id=coop-enforcement-bcg-switch-report-only>would need a browsing
   context group switch due to report-only</dfn>, initially false.<li><p>A <a id=browsing-context-group-switches-due-to-cross-origin-opener-policy:url href=https://url.spec.whatwg.org/#concept-url data-x-internal=url>URL</a> <dfn id=coop-enforcement-url>url</dfn>.<li><p>An <a href=#concept-origin id=browsing-context-group-switches-due-to-cross-origin-opener-policy:concept-origin-4>origin</a> <dfn id=coop-enforcement-origin>origin</dfn>.<li><p>An <a href=#cross-origin-opener-policy id=browsing-context-group-switches-due-to-cross-origin-opener-policy:cross-origin-opener-policy-2>opener policy</a> <dfn id=coop-enforcement-coop>opener
   policy</dfn>.<li><p>A boolean <dfn id=coop-enforcement-source>current context is navigation
   source</dfn>, initially false.</ul>

  <p>To <dfn id=coop-enforce>enforce a response's opener policy</dfn>, given a <a id=browsing-context-group-switches-due-to-cross-origin-opener-policy:browsing-context href=document-sequences.html#browsing-context>browsing
  context</a> <var>browsingContext</var>, a <a id=browsing-context-group-switches-due-to-cross-origin-opener-policy:url-2 href=https://url.spec.whatwg.org/#concept-url data-x-internal=url>URL</a> <var>responseURL</var>, an
  <a href=#concept-origin id=browsing-context-group-switches-due-to-cross-origin-opener-policy:concept-origin-5>origin</a> <var>responseOrigin</var>, an <a href=#cross-origin-opener-policy id=browsing-context-group-switches-due-to-cross-origin-opener-policy:cross-origin-opener-policy-3>opener policy</a>
  <var>responseCOOP</var>, an <a href=#coop-enforcement-result id=browsing-context-group-switches-due-to-cross-origin-opener-policy:coop-enforcement-result>opener policy enforcement
  result</a> <var>currentCOOPEnforcementResult</var>, and a <a href=https://fetch.spec.whatwg.org/#concept-request-referrer id=browsing-context-group-switches-due-to-cross-origin-opener-policy:concept-request-referrer data-x-internal=concept-request-referrer>referrer</a> <var>referrer</var>:</p>

  <ol><li>
    <p>Let <var>newCOOPEnforcementResult</var> be a new <a href=#coop-enforcement-result id=browsing-context-group-switches-due-to-cross-origin-opener-policy:coop-enforcement-result-2>opener policy enforcement result</a> with</p>

    <dl class=props><dt><a href=#coop-enforcement-bcg-switch id=browsing-context-group-switches-due-to-cross-origin-opener-policy:coop-enforcement-bcg-switch>needs a browsing context group switch</a><dd><var>currentCOOPEnforcementResult</var>'s <a href=#coop-enforcement-bcg-switch id=browsing-context-group-switches-due-to-cross-origin-opener-policy:coop-enforcement-bcg-switch-2>needs
     a browsing context group switch</a><dt><a href=#coop-enforcement-bcg-switch-report-only id=browsing-context-group-switches-due-to-cross-origin-opener-policy:coop-enforcement-bcg-switch-report-only>would need a browsing context group switch due to report-only</a><dd><var>currentCOOPEnforcementResult</var>'s <a href=#coop-enforcement-bcg-switch-report-only id=browsing-context-group-switches-due-to-cross-origin-opener-policy:coop-enforcement-bcg-switch-report-only-2>would need a browsing context group switch
     due to report-only</a><dt><a href=#coop-enforcement-url id=browsing-context-group-switches-due-to-cross-origin-opener-policy:coop-enforcement-url>url</a><dd><var>responseURL</var><dt><a href=#coop-enforcement-origin id=browsing-context-group-switches-due-to-cross-origin-opener-policy:coop-enforcement-origin>origin</a><dd><var>responseOrigin</var><dt><a href=#coop-enforcement-coop id=browsing-context-group-switches-due-to-cross-origin-opener-policy:coop-enforcement-coop>opener policy</a><dd><var>responseCOOP</var><dt><a href=#coop-enforcement-source id=browsing-context-group-switches-due-to-cross-origin-opener-policy:coop-enforcement-source>current context is navigation source</a><dd>true</dl>
   <li><p>Let <var>isInitialAboutBlank</var> be <var>browsingContext</var>'s <a id=browsing-context-group-switches-due-to-cross-origin-opener-policy:active-document href=document-sequences.html#active-document>active
   document</a>'s <a id=browsing-context-group-switches-due-to-cross-origin-opener-policy:is-initial-about:blank href=dom.html#is-initial-about:blank>is initial <code>about:blank</code></a>.<li><p>If <var>isInitialAboutBlank</var> is true and <var>browsingContext</var>'s <a href=document-sequences.html#browsing-context-initial-url id=browsing-context-group-switches-due-to-cross-origin-opener-policy:browsing-context-initial-url>initial URL</a> is null, set
   <var>browsingContext</var>'s <a href=document-sequences.html#browsing-context-initial-url id=browsing-context-group-switches-due-to-cross-origin-opener-policy:browsing-context-initial-url-2>initial URL</a> to
   <var>responseURL</var>.<li>
    <p>If the result of <a href=#check-browsing-context-group-switch-coop-value id=browsing-context-group-switches-due-to-cross-origin-opener-policy:check-browsing-context-group-switch-coop-value-4>checking if
    COOP values require a browsing context group switch</a> given
    <var>isInitialAboutBlank</var>, <var>currentCOOPEnforcementResult</var>'s <a href=#coop-enforcement-coop id=browsing-context-group-switches-due-to-cross-origin-opener-policy:coop-enforcement-coop-2>opener policy</a>'s <a href=#coop-struct-value id=browsing-context-group-switches-due-to-cross-origin-opener-policy:coop-struct-value-6>value</a>, <var>currentCOOPEnforcementResult</var>'s <a href=#coop-enforcement-origin id=browsing-context-group-switches-due-to-cross-origin-opener-policy:coop-enforcement-origin-2>origin</a>, <var>responseCOOP</var>'s <a href=#coop-struct-value id=browsing-context-group-switches-due-to-cross-origin-opener-policy:coop-struct-value-7>value</a>, and <var>responseOrigin</var> is true, then:</p>

    <ol><li><p>Set <var>newCOOPEnforcementResult</var>'s <a href=#coop-enforcement-bcg-switch id=browsing-context-group-switches-due-to-cross-origin-opener-policy:coop-enforcement-bcg-switch-3>needs a browsing context group switch</a> to
     true.<li>
      <p>If <var>browsingContext</var>'s <a href=document-sequences.html#tlbc-group id=browsing-context-group-switches-due-to-cross-origin-opener-policy:tlbc-group>group</a>'s <a id=browsing-context-group-switches-due-to-cross-origin-opener-policy:browsing-context-set href=document-sequences.html#browsing-context-set>browsing
      context set</a>'s <a href=https://infra.spec.whatwg.org/#list-size id=browsing-context-group-switches-due-to-cross-origin-opener-policy:list-size data-x-internal=list-size>size</a> is greater than 1, then:</p>

      <ol><li><p><a href=#coop-violation-navigation-to id=browsing-context-group-switches-due-to-cross-origin-opener-policy:coop-violation-navigation-to>Queue a violation report for browsing
       context group switch when navigating to a COOP response</a> with <var>responseCOOP</var>,
       "<code>enforce</code>", <var>responseURL</var>,
       <var>currentCOOPEnforcementResult</var>'s <a href=#coop-enforcement-url id=browsing-context-group-switches-due-to-cross-origin-opener-policy:coop-enforcement-url-2>url</a>,
       <var>currentCOOPEnforcementResult</var>'s <a href=#coop-enforcement-origin id=browsing-context-group-switches-due-to-cross-origin-opener-policy:coop-enforcement-origin-3>origin</a>, <var>responseOrigin</var>, and
       <var>referrer</var>.<li><p><a href=#coop-violation-navigation-from id=browsing-context-group-switches-due-to-cross-origin-opener-policy:coop-violation-navigation-from>Queue a violation report for browsing
       context group switch when navigating away from a COOP response</a> with
       <var>currentCOOPEnforcementResult</var>'s <a href=#coop-enforcement-coop id=browsing-context-group-switches-due-to-cross-origin-opener-policy:coop-enforcement-coop-3>opener
       policy</a>, "<code>enforce</code>", <var>currentCOOPEnforcementResult</var>'s
       <a href=#coop-enforcement-url id=browsing-context-group-switches-due-to-cross-origin-opener-policy:coop-enforcement-url-3>url</a>, <var>responseURL</var>,
       <var>currentCOOPEnforcementResult</var>'s <a href=#coop-enforcement-origin id=browsing-context-group-switches-due-to-cross-origin-opener-policy:coop-enforcement-origin-4>origin</a>, <var>responseOrigin</var>, and
       <var>currentCOOPEnforcementResult</var>'s <a href=#coop-enforcement-source id=browsing-context-group-switches-due-to-cross-origin-opener-policy:coop-enforcement-source-2>current
       context is navigation source</a>.</ol>
     </ol>
   <li>
    <p>If the result of <a href=#check-bcg-switch-navigation-report-only id=browsing-context-group-switches-due-to-cross-origin-opener-policy:check-bcg-switch-navigation-report-only>checking if
    enforcing report-only COOP would require a browsing context group switch</a> given
    <var>isInitialAboutBlank</var>, <var>responseOrigin</var>,
    <var>currentCOOPEnforcementResult</var>'s <a href=#coop-enforcement-origin id=browsing-context-group-switches-due-to-cross-origin-opener-policy:coop-enforcement-origin-5>origin</a>,
    <var>responseCOOP</var>, and <var>currentCOOPEnforcementResult</var>'s <a href=#coop-enforcement-coop id=browsing-context-group-switches-due-to-cross-origin-opener-policy:coop-enforcement-coop-4>opener policy</a>, is true, then:</p>

    <ol><li><p>Set <var>newCOOPEnforcementResult</var>'s <a href=#coop-enforcement-bcg-switch-report-only id=browsing-context-group-switches-due-to-cross-origin-opener-policy:coop-enforcement-bcg-switch-report-only-3>would
     need a browsing context group switch due to report-only</a> to true.<li>
      <p>If <var>browsingContext</var>'s <a href=document-sequences.html#tlbc-group id=browsing-context-group-switches-due-to-cross-origin-opener-policy:tlbc-group-2>group</a>'s <a id=browsing-context-group-switches-due-to-cross-origin-opener-policy:browsing-context-set-2 href=document-sequences.html#browsing-context-set>browsing
      context set</a>'s <a href=https://infra.spec.whatwg.org/#list-size id=browsing-context-group-switches-due-to-cross-origin-opener-policy:list-size-2 data-x-internal=list-size>size</a> is greater than 1, then:</p>

      <ol><li><p><a href=#coop-violation-navigation-to id=browsing-context-group-switches-due-to-cross-origin-opener-policy:coop-violation-navigation-to-2>Queue a violation report for browsing
       context group switch when navigating to a COOP response</a> with <var>responseCOOP</var>,
       "<code>reporting</code>", <var>responseURL</var>,
       <var>currentCOOPEnforcementResult</var>'s <a href=#coop-enforcement-url id=browsing-context-group-switches-due-to-cross-origin-opener-policy:coop-enforcement-url-4>url</a>,
       <var>currentCOOPEnforcementResult</var>'s <a href=#coop-enforcement-origin id=browsing-context-group-switches-due-to-cross-origin-opener-policy:coop-enforcement-origin-6>origin</a>, <var>responseOrigin</var>, and
       <var>referrer</var>.<li><p><a href=#coop-violation-navigation-from id=browsing-context-group-switches-due-to-cross-origin-opener-policy:coop-violation-navigation-from-2>Queue a violation report for browsing
       context group switch when navigating away from a COOP response</a> with
       <var>currentCOOPEnforcementResult</var>'s <a href=#coop-enforcement-coop id=browsing-context-group-switches-due-to-cross-origin-opener-policy:coop-enforcement-coop-5>opener
       policy</a>, "<code>reporting</code>",
       <var>currentCOOPEnforcementResult</var>'s <a href=#coop-enforcement-url id=browsing-context-group-switches-due-to-cross-origin-opener-policy:coop-enforcement-url-5>url</a>,
       <var>responseURL</var>, <var>currentCOOPEnforcementResult</var>'s <a href=#coop-enforcement-origin id=browsing-context-group-switches-due-to-cross-origin-opener-policy:coop-enforcement-origin-7>origin</a>, <var>responseOrigin</var>, and
       <var>currentCOOPEnforcementResult</var>'s <a href=#coop-enforcement-source id=browsing-context-group-switches-due-to-cross-origin-opener-policy:coop-enforcement-source-3>current
       context is navigation source</a>.</ol>
     </ol>
   <li><p>Return <var>newCOOPEnforcementResult</var>.</ol>

  <p>To <dfn id=obtain-browsing-context-navigation>obtain a browsing context to use for a
  navigation response</dfn>, given <a id=browsing-context-group-switches-due-to-cross-origin-opener-policy:navigation-params href=browsing-the-web.html#navigation-params>navigation params</a> <var>navigationParams</var>:</p>

  <ol><li><p>Let <var>browsingContext</var> be <var>navigationParams</var>'s <a href=browsing-the-web.html#navigation-params-navigable id=browsing-context-group-switches-due-to-cross-origin-opener-policy:navigation-params-navigable>navigable</a>'s <a href=document-sequences.html#nav-bc id=browsing-context-group-switches-due-to-cross-origin-opener-policy:nav-bc>active browsing
   context</a>.<li><p>If <var>browsingContext</var> is not a <a id=browsing-context-group-switches-due-to-cross-origin-opener-policy:top-level-browsing-context href=document-sequences.html#top-level-browsing-context>top-level browsing context</a>, then
   return <var>browsingContext</var>.<li><p>Let <var>coopEnforcementResult</var> be <var>navigationParams</var>'s <a href=browsing-the-web.html#navigation-params-coop-enforcement-result id=browsing-context-group-switches-due-to-cross-origin-opener-policy:navigation-params-coop-enforcement-result>COOP enforcement result</a>.<li><p>Let <var>swapGroup</var> be <var>coopEnforcementResult</var>'s <a href=#coop-enforcement-bcg-switch id=browsing-context-group-switches-due-to-cross-origin-opener-policy:coop-enforcement-bcg-switch-4>needs a browsing context group switch</a>.<li><p>Let <var>sourceOrigin</var> be <var>browsingContext</var>'s
   <a id=browsing-context-group-switches-due-to-cross-origin-opener-policy:active-document-2 href=document-sequences.html#active-document>active document</a>'s <a href=https://dom.spec.whatwg.org/#concept-document-origin id=browsing-context-group-switches-due-to-cross-origin-opener-policy:concept-document-origin data-x-internal=concept-document-origin>origin</a>.<li><p>Let <var>destinationOrigin</var> be <var>navigationParams</var>'s <a href=browsing-the-web.html#navigation-params-origin id=browsing-context-group-switches-due-to-cross-origin-opener-policy:navigation-params-origin>origin</a>.<li>
    <p>If <var>sourceOrigin</var> is not <a href=#same-site id=browsing-context-group-switches-due-to-cross-origin-opener-policy:same-site>same site</a> with
    <var>destinationOrigin</var>:</p>

    <ol><li>
      <p>If either of <var>sourceOrigin</var> or <var>destinationOrigin</var> have a <a href=#concept-origin-scheme id=browsing-context-group-switches-due-to-cross-origin-opener-policy:concept-origin-scheme>scheme</a> that is not an <a id=browsing-context-group-switches-due-to-cross-origin-opener-policy:http(s)-scheme href=https://fetch.spec.whatwg.org/#http-scheme data-x-internal=http(s)-scheme>HTTP(S) scheme</a> and
      the user agent considers it necessary for <var>sourceOrigin</var> and
      <var>destinationOrigin</var> to be isolated from each other (for
      <a id=browsing-context-group-switches-due-to-cross-origin-opener-policy:implementation-defined href=https://infra.spec.whatwg.org/#implementation-defined data-x-internal=implementation-defined>implementation-defined</a> reasons), optionally set <var>swapGroup</var> to true.</p>

      <p class=note>For example, if a user navigates from <code>about:settings</code> to
      <code>https://example.com</code>, the user agent could force a swap.</p>

      <p class=XXX><a href=https://github.com/whatwg/html/issues/10842>Issue #10842</a> tracks
      settling on an interoperable behavior here, instead of letting this be optional.</p>
     <li>
      <p>If <var>navigationParams</var>'s <a href=browsing-the-web.html#navigation-params-user-involvement id=browsing-context-group-switches-due-to-cross-origin-opener-policy:navigation-params-user-involvement> user
      involvement</a> is "<code id=browsing-context-group-switches-due-to-cross-origin-opener-policy:uni-browser-ui><a href=browsing-the-web.html#uni-browser-ui>browser UI</a></code>", optionally set
      <var>swapGroup</var> to true.</p>

      <p class=XXX><a href=https://github.com/whatwg/html/issues/6356>Issue #6356</a> tracks
      settling on an interoperable behavior here, instead of letting this be optional.</p>
     </ol>
   <li>
    <p>If <var>browsingContext</var>'s <a href=document-sequences.html#tlbc-group id=browsing-context-group-switches-due-to-cross-origin-opener-policy:tlbc-group-3>group</a>'s <a id=browsing-context-group-switches-due-to-cross-origin-opener-policy:browsing-context-set-3 href=document-sequences.html#browsing-context-set>browsing
    context set</a>'s <a href=https://infra.spec.whatwg.org/#list-size id=browsing-context-group-switches-due-to-cross-origin-opener-policy:list-size-3 data-x-internal=list-size>size</a> is 1, optionally set
    <var>swapGroup</var> to true.</p>

    <p class=note>Some implementations swap browsing context groups here for performance
    reasons.</p>

    <p class=note>The check for other contexts that could script this one is not sufficient to
    prevent differences in behavior that could affect a web page. Even if there are currently no
    other contexts, the destination page could open a window, then if the user navigates back, the
    previous page could expect to be able to script the opened window. Doing a swap here would break
    that use case.</p>
   <li>
    <p>If <var>swapGroup</var> is false, then:</p>

    <ol><li><p>If <var>coopEnforcementResult</var>'s <a href=#coop-enforcement-bcg-switch-report-only id=browsing-context-group-switches-due-to-cross-origin-opener-policy:coop-enforcement-bcg-switch-report-only-4>would need a browsing context group switch
     due to report-only</a> is true, set <var>browsingContext</var>'s <a href=document-sequences.html#virtual-browsing-context-group-id id=browsing-context-group-switches-due-to-cross-origin-opener-policy:virtual-browsing-context-group-id>virtual browsing context group ID</a> to a new
     unique identifier.<li><p>Return <var>browsingContext</var>.</ol>
   <li>
    <p>Let <var>newBrowsingContext</var> be the first return value of <a id=browsing-context-group-switches-due-to-cross-origin-opener-policy:creating-a-new-top-level-browsing-context href=document-sequences.html#creating-a-new-top-level-browsing-context>creating a new
    top-level browsing context and document</a>.</p>

    <p class=note>In this case we are going to perform a browsing context group swap.
    <var>browsingContext</var> will not be used by the new <code id=browsing-context-group-switches-due-to-cross-origin-opener-policy:document><a href=dom.html#document>Document</a></code> that we are about
    to <a href=document-lifecycle.html#initialise-the-document-object id=browsing-context-group-switches-due-to-cross-origin-opener-policy:initialise-the-document-object>create</a>. If it is not used by other
    <code id=browsing-context-group-switches-due-to-cross-origin-opener-policy:document-2><a href=dom.html#document>Document</a></code>s either (such as ones in the back/forward cache), then the user agent
    might <a href=document-sequences.html#a-browsing-context-is-discarded>destroy it</a> at this point.</p>
   <li><p>Let <var>navigationCOOP</var> be <var>navigationParams</var>'s <a href=browsing-the-web.html#navigation-params-coop id=browsing-context-group-switches-due-to-cross-origin-opener-policy:navigation-params-coop>cross-origin opener policy</a>.<li>
    <p>If <var>navigationCOOP</var>'s <a href=#coop-struct-value id=browsing-context-group-switches-due-to-cross-origin-opener-policy:coop-struct-value-8>value</a> is "<code id=browsing-context-group-switches-due-to-cross-origin-opener-policy:coop-same-origin-plus-coep><a href=#coop-same-origin-plus-coep>same-origin-plus-COEP</a></code>", then set
    <var>newBrowsingContext</var>'s <a href=document-sequences.html#tlbc-group id=browsing-context-group-switches-due-to-cross-origin-opener-policy:tlbc-group-4>group</a>'s <a href=document-sequences.html#bcg-cross-origin-isolation id=browsing-context-group-switches-due-to-cross-origin-opener-policy:bcg-cross-origin-isolation>cross-origin isolation mode</a> to either "<code id=browsing-context-group-switches-due-to-cross-origin-opener-policy:cross-origin-isolation-logical><a href=document-sequences.html#cross-origin-isolation-logical>logical</a></code>" or "<code id=browsing-context-group-switches-due-to-cross-origin-opener-policy:cross-origin-isolation-concrete><a href=document-sequences.html#cross-origin-isolation-concrete>concrete</a></code>". The choice of which is
    <a id=browsing-context-group-switches-due-to-cross-origin-opener-policy:implementation-defined-2 href=https://infra.spec.whatwg.org/#implementation-defined data-x-internal=implementation-defined>implementation-defined</a>.</p>

    <p class=note>It is difficult on some platforms to provide the security properties required
    by the <a href=webappapis.html#concept-settings-object-cross-origin-isolated-capability id=browsing-context-group-switches-due-to-cross-origin-opener-policy:concept-settings-object-cross-origin-isolated-capability>cross-origin
    isolated capability</a>. "<code id=browsing-context-group-switches-due-to-cross-origin-opener-policy:cross-origin-isolation-concrete-2><a href=document-sequences.html#cross-origin-isolation-concrete>concrete</a></code>"
    grants access to it and "<code id=browsing-context-group-switches-due-to-cross-origin-opener-policy:cross-origin-isolation-logical-2><a href=document-sequences.html#cross-origin-isolation-logical>logical</a></code>" does
    not.</p>
   <li><p>Let <var>sandboxFlags</var> be a <a href=https://infra.spec.whatwg.org/#list-clone id=browsing-context-group-switches-due-to-cross-origin-opener-policy:list-clone data-x-internal=list-clone>clone</a> of
   <var>navigationParams</var>'s <a href=browsing-the-web.html#navigation-params-sandboxing id=browsing-context-group-switches-due-to-cross-origin-opener-policy:navigation-params-sandboxing>final sandboxing flag set</a>.<li>
    <p>If <var>sandboxFlags</var> is not empty, then:</p>
    <ol><li><p><a id=browsing-context-group-switches-due-to-cross-origin-opener-policy:assert href=https://infra.spec.whatwg.org/#assert data-x-internal=assert>Assert</a>: <var>navigationCOOP</var>'s <a href=#coop-struct-value id=browsing-context-group-switches-due-to-cross-origin-opener-policy:coop-struct-value-9>value</a> is
     "<code id=browsing-context-group-switches-due-to-cross-origin-opener-policy:coop-unsafe-none-2><a href=#coop-unsafe-none>unsafe-none</a></code>".<li><p><a id=browsing-context-group-switches-due-to-cross-origin-opener-policy:assert-2 href=https://infra.spec.whatwg.org/#assert data-x-internal=assert>Assert</a>: <var>newBrowsingContext</var>'s <a href=#popup-sandboxing-flag-set id=browsing-context-group-switches-due-to-cross-origin-opener-policy:popup-sandboxing-flag-set>popup sandboxing flag
     set</a> <a href=https://infra.spec.whatwg.org/#list-is-empty id=browsing-context-group-switches-due-to-cross-origin-opener-policy:list-is-empty data-x-internal=list-is-empty>is empty</a>.<li><p>Set <var>newBrowsingContext</var>'s <a href=#popup-sandboxing-flag-set id=browsing-context-group-switches-due-to-cross-origin-opener-policy:popup-sandboxing-flag-set-2>popup sandboxing flag set</a> to
     <var>sandboxFlags</var>.</ol>
   <li><p>Return <var>newBrowsingContext</var>.</ol>


  <h5 id=coop-reporting><span class=secno>7.1.3.3</span> <span id=reporting></span>Reporting<a href=#coop-reporting class=self-link></a></h5>

  <p>An <dfn id=accessor-accessed-relationship>accessor-accessed relationship</dfn> is an enum that describes the relationship
  between two <a href=document-sequences.html#browsing-context id=coop-reporting:browsing-context>browsing contexts</a> between which an access
  happened. It can take the following values:</p>

  <dl><dt><dfn id=accessor-accessed-opener>accessor is opener</dfn><dd><p>The accessor <a id=coop-reporting:browsing-context-2 href=document-sequences.html#browsing-context>browsing context</a> or one of its <a href=document-sequences.html#ancestor-browsing-context id=coop-reporting:ancestor-browsing-context>ancestors</a> is the <a id=coop-reporting:opener-browsing-context href=document-sequences.html#opener-browsing-context>opener browsing context</a> of the accessed
   <a id=coop-reporting:browsing-context-3 href=document-sequences.html#browsing-context>browsing context</a>'s <a href=document-sequences.html#bc-tlbc id=coop-reporting:bc-tlbc>top-level browsing
   context</a>.<dt><dfn id=accessor-accessed-openee>accessor is openee</dfn><dd><p>The accessed <a id=coop-reporting:browsing-context-4 href=document-sequences.html#browsing-context>browsing context</a> or one of its <a href=document-sequences.html#ancestor-browsing-context id=coop-reporting:ancestor-browsing-context-2>ancestors</a> is the <a id=coop-reporting:opener-browsing-context-2 href=document-sequences.html#opener-browsing-context>opener browsing context</a> of the accessor
   <a id=coop-reporting:browsing-context-5 href=document-sequences.html#browsing-context>browsing context</a>'s <a href=document-sequences.html#bc-tlbc id=coop-reporting:bc-tlbc-2>top-level browsing
   context</a>.<dt><dfn id=accessor-accessed-none>none</dfn><dd><p>There is no opener relationship between the accessor <a id=coop-reporting:browsing-context-6 href=document-sequences.html#browsing-context>browsing context</a>, the
   accessor <a id=coop-reporting:browsing-context-7 href=document-sequences.html#browsing-context>browsing context</a>, or any of their <a href=document-sequences.html#ancestor-browsing-context id=coop-reporting:ancestor-browsing-context-3>ancestors</a>.</dl>

  <p>To <dfn id=coop-check-access-report>check if an access between two browsing contexts
  should be reported</dfn>, given two <a href=document-sequences.html#browsing-context id=coop-reporting:browsing-context-8>browsing contexts</a>
  <var>accessor</var> and <var>accessed</var>, a JavaScript property name <var>P</var>, and an
  <a id=coop-reporting:environment-settings-object href=webappapis.html#environment-settings-object>environment settings object</a> <var>environment</var>:</p>

  <ol><li><p>If <var>P</var> is not a <a id=coop-reporting:cross-origin-accessible-window-property-name href=nav-history-apis.html#cross-origin-accessible-window-property-name>cross-origin accessible window property name</a>, then
   return.<li><p><a id=coop-reporting:assert href=https://infra.spec.whatwg.org/#assert data-x-internal=assert>Assert</a>: <var>accessor</var>'s <a id=coop-reporting:active-document href=document-sequences.html#active-document>active document</a> and
   <var>accessed</var>'s <a id=coop-reporting:active-document-2 href=document-sequences.html#active-document>active document</a> are both <a id=coop-reporting:fully-active href=document-sequences.html#fully-active>fully active</a>.<li><p>Let <var>accessorTopDocument</var> be <var>accessor</var>'s <a href=document-sequences.html#bc-tlbc id=coop-reporting:bc-tlbc-3>top-level browsing context</a>'s <a id=coop-reporting:active-document-3 href=document-sequences.html#active-document>active document</a>.<li><p>Let <var>accessorInclusiveAncestorOrigins</var> be the list obtained by taking the <a href=https://dom.spec.whatwg.org/#concept-document-origin id=coop-reporting:concept-document-origin data-x-internal=concept-document-origin>origin</a> of the <a href=document-sequences.html#nav-document id=coop-reporting:nav-document>active
   document</a> of each of <var>accessor</var>'s <a id=coop-reporting:active-document-4 href=document-sequences.html#active-document>active document</a>'s <a id=coop-reporting:inclusive-ancestor-navigables href=document-sequences.html#inclusive-ancestor-navigables>inclusive
   ancestor navigables</a>.<li><p>Let <var>accessedTopDocument</var> be <var>accessed</var>'s <a href=document-sequences.html#bc-tlbc id=coop-reporting:bc-tlbc-4>top-level browsing context</a>'s <a id=coop-reporting:active-document-5 href=document-sequences.html#active-document>active document</a>.<li><p>Let <var>accessedInclusiveAncestorOrigins</var> be the list obtained by taking the <a href=https://dom.spec.whatwg.org/#concept-document-origin id=coop-reporting:concept-document-origin-2 data-x-internal=concept-document-origin>origin</a> of the <a href=document-sequences.html#nav-document id=coop-reporting:nav-document-2>active
   document</a> of each of <var>accessed</var>'s <a id=coop-reporting:active-document-6 href=document-sequences.html#active-document>active document</a>'s <a id=coop-reporting:inclusive-ancestor-navigables-2 href=document-sequences.html#inclusive-ancestor-navigables>inclusive
   ancestor navigables</a>.<li>
    <p>If any of <var>accessorInclusiveAncestorOrigins</var> are not <a href=#same-origin id=coop-reporting:same-origin>same origin</a> with
    <var>accessorTopDocument</var>'s <a href=https://dom.spec.whatwg.org/#concept-document-origin id=coop-reporting:concept-document-origin-3 data-x-internal=concept-document-origin>origin</a>, or if
    any of <var>accessedInclusiveAncestorOrigins</var> are not <a href=#same-origin id=coop-reporting:same-origin-2>same origin</a> with
    <var>accessedTopDocument</var>'s <a href=https://dom.spec.whatwg.org/#concept-document-origin id=coop-reporting:concept-document-origin-4 data-x-internal=concept-document-origin>origin</a>, then
    return.</p>

    <p class=note>This avoids leaking information about cross-origin iframes to a top level frame
    with opener policy reporting.</p>
   <li><p>If <var>accessor</var>'s <a href=document-sequences.html#bc-tlbc id=coop-reporting:bc-tlbc-5>top-level browsing context</a>'s <a href=document-sequences.html#virtual-browsing-context-group-id id=coop-reporting:virtual-browsing-context-group-id>virtual browsing context group ID</a> is
   <var>accessed</var>'s <a href=document-sequences.html#bc-tlbc id=coop-reporting:bc-tlbc-6>top-level browsing context</a>'s <a href=document-sequences.html#virtual-browsing-context-group-id id=coop-reporting:virtual-browsing-context-group-id-2>virtual browsing context group ID</a>, then
   return.<li><p>Let <var>accessorAccessedRelationship</var> be a new <a href=#accessor-accessed-relationship id=coop-reporting:accessor-accessed-relationship>accessor-accessed
   relationship</a> with value <a href=#accessor-accessed-none id=coop-reporting:accessor-accessed-none>none</a>.<li><p>If <var>accessed</var>'s <a href=document-sequences.html#bc-tlbc id=coop-reporting:bc-tlbc-7>top-level browsing context</a>'s
   <a id=coop-reporting:opener-browsing-context-3 href=document-sequences.html#opener-browsing-context>opener browsing context</a> is <var>accessor</var> or is an <a href=document-sequences.html#ancestor-browsing-context id=coop-reporting:ancestor-browsing-context-4>ancestor</a> of <var>accessor</var>, then set
   <var>accessorAccessedRelationship</var> to <a href=#accessor-accessed-opener id=coop-reporting:accessor-accessed-opener>accessor is
   opener</a>.<li><p>If <var>accessor</var>'s <a href=document-sequences.html#bc-tlbc id=coop-reporting:bc-tlbc-8>top-level browsing context</a>'s
   <a id=coop-reporting:opener-browsing-context-4 href=document-sequences.html#opener-browsing-context>opener browsing context</a> is <var>accessed</var> or is an <a href=document-sequences.html#ancestor-browsing-context id=coop-reporting:ancestor-browsing-context-5>ancestor</a> of <var>accessed</var>, then set
   <var>accessorAccessedRelationship</var> to <a href=#accessor-accessed-openee id=coop-reporting:accessor-accessed-openee>accessor is
   openee</a>.<li><p><a href=#coop-violation-access id=coop-reporting:coop-violation-access>Queue violation reports for accesses</a>, given
   <var>accessorAccessedRelationship</var>, <var>accessorTopDocument</var>'s <a href=dom.html#concept-document-coop id=coop-reporting:concept-document-coop>opener policy</a>, <var>accessedTopDocument</var>'s <a href=dom.html#concept-document-coop id=coop-reporting:concept-document-coop-2>opener policy</a>, <var>accessor</var>'s <a id=coop-reporting:active-document-7 href=document-sequences.html#active-document>active
   document</a>'s <a href=https://dom.spec.whatwg.org/#concept-document-url id="coop-reporting:the-document's-address" data-x-internal="the-document's-address">URL</a>, <var>accessed</var>'s
   <a id=coop-reporting:active-document-8 href=document-sequences.html#active-document>active document</a>'s <a href=https://dom.spec.whatwg.org/#concept-document-url id="coop-reporting:the-document's-address-2" data-x-internal="the-document's-address">URL</a>,
   <var>accessor</var>'s <a href=document-sequences.html#bc-tlbc id=coop-reporting:bc-tlbc-9>top-level browsing context</a>'s <a href=document-sequences.html#browsing-context-initial-url id=coop-reporting:browsing-context-initial-url>initial URL</a>, <var>accessed</var>'s <a href=document-sequences.html#bc-tlbc id=coop-reporting:bc-tlbc-10>top-level browsing context</a>'s <a href=document-sequences.html#browsing-context-initial-url id=coop-reporting:browsing-context-initial-url-2>initial URL</a>, <var>accessor</var>'s <a id=coop-reporting:active-document-9 href=document-sequences.html#active-document>active
   document</a>'s <a href=https://dom.spec.whatwg.org/#concept-document-origin id=coop-reporting:concept-document-origin-5 data-x-internal=concept-document-origin>origin</a>, <var>accessed</var>'s
   <a id=coop-reporting:active-document-10 href=document-sequences.html#active-document>active document</a>'s <a href=https://dom.spec.whatwg.org/#concept-document-origin id=coop-reporting:concept-document-origin-6 data-x-internal=concept-document-origin>origin</a>,
   <var>accessor</var>'s <a href=document-sequences.html#bc-tlbc id=coop-reporting:bc-tlbc-11>top-level browsing context</a>'s <a href=document-sequences.html#opener-origin-at-creation id=coop-reporting:opener-origin-at-creation>opener origin at creation</a>, <var>accessed</var>'s <a href=document-sequences.html#bc-tlbc id=coop-reporting:bc-tlbc-12>top-level browsing context</a>'s <a href=document-sequences.html#opener-origin-at-creation id=coop-reporting:opener-origin-at-creation-2>opener origin at creation</a>,
   <var>accessorTopDocument</var>'s <a href=dom.html#dom-document-referrer id=coop-reporting:dom-document-referrer>referrer</a>,
   <var>accessedTopDocument</var>'s <a href=dom.html#dom-document-referrer id=coop-reporting:dom-document-referrer-2>referrer</a>,
   <var>P</var>, and <var>environment</var>.</ol>

  <p>To <dfn id=sanitize-url-report>sanitize a URL to send in a report</dfn> given a
  <a id=coop-reporting:url href=https://url.spec.whatwg.org/#concept-url data-x-internal=url>URL</a> <var>url</var>:</p>

  <ol><li><p>Let <var>sanitizedURL</var> be a copy of <var>url</var>.<li><p><a href=https://url.spec.whatwg.org/#set-the-username id=coop-reporting:set-the-username data-x-internal=set-the-username>Set the username</a> given <var>sanitizedURL</var> and
   the empty string.

   <li><p><a href=https://url.spec.whatwg.org/#set-the-password id=coop-reporting:set-the-password data-x-internal=set-the-password>Set the password</a> given <var>sanitizedURL</var> and
   the empty string.

   <li><p>Return the <a href=https://url.spec.whatwg.org/#concept-url-serializer id=coop-reporting:concept-url-serializer data-x-internal=concept-url-serializer>serialization</a> of
   <var>sanitizedURL</var> with <a href=https://url.spec.whatwg.org/#url-serializer-exclude-fragment id=coop-reporting:url-serializer-exclude-fragment data-x-internal=url-serializer-exclude-fragment><i>exclude
   fragment</i></a> set to true.</ol>

  <p>To <dfn id=coop-violation-navigation-to>queue a violation report for browsing context
  group switch when navigating to a COOP response</dfn> given an <a href=#cross-origin-opener-policy id=coop-reporting:cross-origin-opener-policy>opener
  policy</a> <var>coop</var>, a string <var>disposition</var>, a <a id=coop-reporting:url-2 href=https://url.spec.whatwg.org/#concept-url data-x-internal=url>URL</a>
  <var>coopURL</var>, a <a id=coop-reporting:url-3 href=https://url.spec.whatwg.org/#concept-url data-x-internal=url>URL</a> <var>previousResponseURL</var>, two <a href=#concept-origin id=coop-reporting:concept-origin>origins</a> <var>coopOrigin</var> and <var>previousResponseOrigin</var>, and a
  <a href=https://fetch.spec.whatwg.org/#concept-request-referrer id=coop-reporting:concept-request-referrer data-x-internal=concept-request-referrer>referrer</a> <var>referrer</var>:</p>

  <ol><li><p>If <var>coop</var>'s <a href=#coop-struct-report-endpoint id=coop-reporting:coop-struct-report-endpoint>reporting endpoint</a>
   is null, return.<li><p>Let <var>coopValue</var> be <var>coop</var>'s <a href=#coop-struct-value id=coop-reporting:coop-struct-value>value</a>.<li><p>If <var>disposition</var> is "<code>reporting</code>", then set
   <var>coopValue</var> to <var>coop</var>'s <a href=#coop-struct-report-only-value id=coop-reporting:coop-struct-report-only-value>report-only value</a>.<li><p>Let <var>serializedReferrer</var> be an empty string.<li><p>If <var>referrer</var> is a <a id=coop-reporting:url-4 href=https://url.spec.whatwg.org/#concept-url data-x-internal=url>URL</a>, set <var>serializedReferrer</var> to the
   <a href=https://url.spec.whatwg.org/#concept-url-serializer id=coop-reporting:concept-url-serializer-2 data-x-internal=concept-url-serializer>serialization</a> of <var>referrer</var>.

   <li>
    <p>Let <var>body</var> be a new object containing the following properties:</p>

    <table class=data><thead><tr><th>key<th>value<tbody><tr><td>disposition<td><var>disposition</var><tr><td>effectivePolicy<td><var>coopValue</var><tr><td>previousResponseURL<td>If <var>coopOrigin</var> and <var>previousResponseOrigin</var> are <a href=#same-origin id=coop-reporting:same-origin-3>same origin</a> this is the <a href=#sanitize-url-report id=coop-reporting:sanitize-url-report>sanitization</a> of <var>previousResponseURL</var>, null otherwise.<tr><td>referrer<td><var>serializedReferrer</var><tr><td>type<td>"<code>navigation-to-response</code>"</table>
   <li><p><a href=https://w3c.github.io/reporting/#queue-report id=coop-reporting:queue-a-report data-x-internal=queue-a-report>Queue</a> <var>body</var> as "<code>coop</code>" for <var>coop</var>'s <a href=#coop-struct-report-endpoint id=coop-reporting:coop-struct-report-endpoint-2>reporting endpoint</a> with <var>coopURL</var>.</ol>

  <p>To <dfn id=coop-violation-navigation-from>queue a violation report for browsing context
  group switch when navigating away from a COOP response</dfn> given an <a href=#cross-origin-opener-policy id=coop-reporting:cross-origin-opener-policy-2>opener policy</a> <var>coop</var>, a string <var>disposition</var>, a <a id=coop-reporting:url-5 href=https://url.spec.whatwg.org/#concept-url data-x-internal=url>URL</a>
  <var>coopURL</var>, a <a id=coop-reporting:url-6 href=https://url.spec.whatwg.org/#concept-url data-x-internal=url>URL</a> <var>nextResponseURL</var>, two <a href=#concept-origin id=coop-reporting:concept-origin-2>origins</a> <var>coopOrigin</var> and <var>nextResponseOrigin</var>, and a
  boolean <var>isCOOPResponseNavigationSource</var>:</p>

  <ol><li><p>If <var>coop</var>'s <a href=#coop-struct-report-endpoint id=coop-reporting:coop-struct-report-endpoint-3>reporting endpoint</a>
   is null, return.<li><p>Let <var>coopValue</var> be <var>coop</var>'s <a href=#coop-struct-value id=coop-reporting:coop-struct-value-2>value</a>.<li><p>If <var>disposition</var> is "<code>reporting</code>", then set
   <var>coopValue</var> to <var>coop</var>'s <a href=#coop-struct-report-only-value id=coop-reporting:coop-struct-report-only-value-2>report-only value</a>.<li>
    <p>Let <var>body</var> be a new object containing the following properties:</p>

    <table class=data><thead><tr><th>key<th>value<tbody><tr><td>disposition<td><var>disposition</var><tr><td>effectivePolicy<td><var>coopValue</var><tr><td>nextResponseURL<td>If <var>coopOrigin</var> and <var>nextResponseOrigin</var> are <a href=#same-origin id=coop-reporting:same-origin-4>same origin</a>
       or <var>isCOOPResponseNavigationSource</var> is true, this is the <a href=#sanitize-url-report id=coop-reporting:sanitize-url-report-2>sanitization</a> of <var>nextResponseURL</var>, null otherwise.<tr><td>type<td>"<code>navigation-from-response</code>"</table>
   <li><p><a href=https://w3c.github.io/reporting/#queue-report id=coop-reporting:queue-a-report-2 data-x-internal=queue-a-report>Queue</a> <var>body</var> as "<code>coop</code>" for <var>coop</var>'s <a href=#coop-struct-report-endpoint id=coop-reporting:coop-struct-report-endpoint-4>reporting endpoint</a> with <var>coopURL</var>.</ol>

  <p>To <dfn id=coop-violation-access>queue violation reports for accesses</dfn>, given an
  <a href=#accessor-accessed-relationship id=coop-reporting:accessor-accessed-relationship-2>accessor-accessed relationship</a> <var>accessorAccessedRelationship</var>, two <a href=#cross-origin-opener-policy id=coop-reporting:cross-origin-opener-policy-3>opener policies</a> <var>accessorCOOP</var> and <var>accessedCOOP</var>,
  four <a href=https://url.spec.whatwg.org/#concept-url id=coop-reporting:url-7 data-x-internal=url>URLs</a> <var>accessorURL</var>, <var>accessedURL</var>,
  <var>accessorInitialURL</var>, <var>accessedInitialURL</var>, four <a href=#concept-origin id=coop-reporting:concept-origin-3>origins</a> <var>accessorOrigin</var>, <var>accessedOrigin</var>,
  <var>accessorCreatorOrigin</var> and <var>accessedCreatorOrigin</var>, two <a href=dom.html#dom-document-referrer id=coop-reporting:dom-document-referrer-3>referrers</a> <var>accessorReferrer</var> and
  <var>accessedReferrer</var>, a string <var>propertyName</var>, and an <a id=coop-reporting:environment-settings-object-2 href=webappapis.html#environment-settings-object>environment settings
  object</a> <var>environment</var>:</p>

  <ol><li><p>If <var>coop</var>'s <a href=#coop-struct-report-endpoint id=coop-reporting:coop-struct-report-endpoint-5>reporting endpoint</a>
   is null, return.<li><p>Let <var>coopValue</var> be <var>coop</var>'s <a href=#coop-struct-value id=coop-reporting:coop-struct-value-3>value</a>.<li><p>If <var>disposition</var> is "<code>reporting</code>", then set
   <var>coopValue</var> to <var>coop</var>'s <a href=#coop-struct-report-only-value id=coop-reporting:coop-struct-report-only-value-3>report-only value</a>.<li>
    <p>If <var>accessorAccessedRelationship</var> is <a href=#accessor-accessed-opener id=coop-reporting:accessor-accessed-opener-2>accessor is opener</a>:</p>

    <ol><li><p><a href=#coop-violation-access-to-opened id=coop-reporting:coop-violation-access-to-opened>Queue a violation report
     for access to an opened window</a>, given <var>accessorCOOP</var>, <var>accessorURL</var>,
     <var>accessedURL</var>, <var>accessedInitialURL</var>, <var>accessorOrigin</var>,
     <var>accessedOrigin</var>, <var>accessedCreatorOrigin</var>, <var>propertyName</var>,
     and <var>environment</var>.<li><p><a href=#coop-violation-access-from-opener id=coop-reporting:coop-violation-access-from-opener>Queue a violation report for access
     from the opener</a>, given <var>accessedCOOP</var>, <var>accessedURL</var>,
     <var>accessorURL</var>, <var>accessedOrigin</var>, <var>accessorOrigin</var>,
     <var>propertyName</var>, and <var>accessedReferrer</var>.</ol>
   <li>
    <p>Otherwise, if <var>accessorAccessedRelationship</var> is <a href=#accessor-accessed-openee id=coop-reporting:accessor-accessed-openee-2>accessor is openee</a>:</p>

    <ol><li><p><a href=#coop-violation-access-to-opener id=coop-reporting:coop-violation-access-to-opener>Queue a violation report for access to
     the opener</a>, given <var>accessorCOOP</var>, <var>accessorURL</var>,
     <var>accessedURL</var>, <var>accessorOrigin</var>, <var>accessedOrigin</var>,
     <var>propertyName</var>, <var>accessorReferrer</var>, and <var>environment</var>.<li><p><a href=#coop-violation-access-from-opened id=coop-reporting:coop-violation-access-from-opened>Queue a violation report for access
     from an opened window</a>, given <var>accessedCOOP</var>, <var>accessedURL</var>,
     <var>accessorURL</var>, <var>accessorInitialURL</var>, <var>accessedOrigin</var>,
     <var>accessorOrigin</var>, <var>accessorCreatorOrigin</var>, and
     <var>propertyName</var>.</ol>
   <li>
    <p>Otherwise:</p>

    <ol><li><p><a href=#coop-violation-access-to-opened id=coop-reporting:coop-violation-access-to-opened-2>Queue a violation report for
     access to another window</a>, given <var>accessorCOOP</var>, <var>accessorURL</var>,
     <var>accessedURL</var>, <var>accessorOrigin</var>, <var>accessedOrigin</var>,
     <var>propertyName</var>, and <var>environment</var>.<li><p><a href=#coop-violation-access-from-other id=coop-reporting:coop-violation-access-from-other>Queue a violation report for
     access from another window</a>, given <var>accessedCOOP</var>, <var>accessedURL</var>,
     <var>accessorURL</var>, <var>accessedOrigin</var>, <var>accessorOrigin</var>, and
     <var>propertyName</var>.</ol>
   </ol>

  <p>To <dfn id=coop-violation-access-to-opener>queue a violation report for access to the
  opener</dfn>, given an <a href=#cross-origin-opener-policy id=coop-reporting:cross-origin-opener-policy-4>opener policy</a> <var>coop</var>, two
  <a href=https://url.spec.whatwg.org/#concept-url id=coop-reporting:url-8 data-x-internal=url>URLs</a> <var>coopURL</var> and <var>openerURL</var>, two <a href=#concept-origin id=coop-reporting:concept-origin-4>origins</a> <var>coopOrigin</var> and <var>openerOrigin</var>, a string
  <var>propertyName</var>, a <a href=https://fetch.spec.whatwg.org/#concept-request-referrer id=coop-reporting:concept-request-referrer-2 data-x-internal=concept-request-referrer>referrer</a>
  <var>referrer</var>, and an <a id=coop-reporting:environment-settings-object-3 href=webappapis.html#environment-settings-object>environment settings object</a> <var>environment</var>:</p>

  <ol><li><p>Let <var>sourceFile</var>, <var>lineNumber</var>, and <var>columnNumber</var> be the
   relevant script URL and problematic position which triggered this report.<li><p>Let <var>serializedReferrer</var> be an empty string.<li><p>If <var>referrer</var> is a <a id=coop-reporting:url-9 href=https://url.spec.whatwg.org/#concept-url data-x-internal=url>URL</a>, set <var>serializedReferrer</var> to the
   <a href=https://url.spec.whatwg.org/#concept-url-serializer id=coop-reporting:concept-url-serializer-3 data-x-internal=concept-url-serializer>serialization</a> of <var>referrer</var>.

   <li>
    <p>Let <var>body</var> be a new object containing the following properties:</p>

    <table class=data><thead><tr><th>key<th>value<tbody><tr><td>disposition<td>"<code>reporting</code>"<tr><td>effectivePolicy<td><var>coop</var>'s <a href=#coop-struct-report-only-value id=coop-reporting:coop-struct-report-only-value-4>report-only
       value</a><tr><td>property<td><var>propertyName</var><tr><td>openerURL<td>If <var>coopOrigin</var> and <var>openerOrigin</var> are <a href=#same-origin id=coop-reporting:same-origin-5>same origin</a>, this
       is the <a href=#sanitize-url-report id=coop-reporting:sanitize-url-report-3>sanitization</a> of <var>openerURL</var>, null
       otherwise.<tr><td>referrer<td><var>serializedReferrer</var><tr><td>sourceFile<td><var>sourceFile</var><tr><td>lineNumber<td><var>lineNumber</var><tr><td>columnNumber<td><var>columnNumber</var><tr><td>type<td>"<code>access-to-opener</code>"</table>
   <li><p><a href=https://w3c.github.io/reporting/#queue-report id=coop-reporting:queue-a-report-3 data-x-internal=queue-a-report>Queue</a> <var>body</var> as "<code>coop</code>" for <var>coop</var>'s <a href=#coop-struct-report-endpoint id=coop-reporting:coop-struct-report-endpoint-6>reporting endpoint</a> with <var>coopURL</var> and
   <var>environment</var>.</ol>

  <p>To <dfn id=coop-violation-access-to-opened>queue a violation report for access to an
  opened window</dfn>, given an <a href=#cross-origin-opener-policy id=coop-reporting:cross-origin-opener-policy-5>opener policy</a> <var>coop</var>,
  three <a href=https://url.spec.whatwg.org/#concept-url id=coop-reporting:url-10 data-x-internal=url>URLs</a> <var>coopURL</var>, <var>openedWindowURL</var> and
  <var>initialWindowURL</var>, three <a href=#concept-origin id=coop-reporting:concept-origin-5>origins</a> <var>coopOrigin</var>,
  <var>openedWindowOrigin</var>, and <var>openerInitialOrigin</var>, a string
  <var>propertyName</var>, and an <a id=coop-reporting:environment-settings-object-4 href=webappapis.html#environment-settings-object>environment settings object</a>
  <var>environment</var>:</p>

  <ol><li><p>Let <var>sourceFile</var>, <var>lineNumber</var>, and <var>columnNumber</var> be the
   relevant script URL and problematic position which triggered this report.<li>
    <p>Let <var>body</var> be a new object containing the following properties:</p>

    <table class=data><thead><tr><th>key<th>value<tbody><tr><td>disposition<td>"<code>reporting</code>"<tr><td>effectivePolicy<td><var>coop</var>'s <a href=#coop-struct-report-only-value id=coop-reporting:coop-struct-report-only-value-5>report-only
       value</a><tr><td>property<td><var>propertyName</var><tr><td>openedWindowURL<td>If <var>coopOrigin</var> and <var>openedWindowOrigin</var> are <a href=#same-origin id=coop-reporting:same-origin-6>same origin</a>, this
       is the <a href=#sanitize-url-report id=coop-reporting:sanitize-url-report-4>sanitization</a> of <var>openedWindowURL</var>,
       null otherwise.<tr><td>openedWindowInitialURL<td>If <var>coopOrigin</var> and <var>openerInitialOrigin</var> are <a href=#same-origin id=coop-reporting:same-origin-7>same origin</a>,
       this is the <a href=#sanitize-url-report id=coop-reporting:sanitize-url-report-5>sanitization</a> of
       <var>initialWindowURL</var>, null otherwise.<tr><td>sourceFile<td><var>sourceFile</var><tr><td>lineNumber<td><var>lineNumber</var><tr><td>columnNumber<td><var>columnNumber</var><tr><td>type<td>"<code>access-to-opener</code>"</table>
   <li><p><a href=https://w3c.github.io/reporting/#queue-report id=coop-reporting:queue-a-report-4 data-x-internal=queue-a-report>Queue</a> <var>body</var> as "<code>coop</code>"
   for <var>coop</var>'s <a href=#coop-struct-report-endpoint id=coop-reporting:coop-struct-report-endpoint-7>reporting endpoint</a> with
   <var>coopURL</var> and <var>environment</var>.</ol>


  <p>To <dfn id=coop-violation-access-to-other>queue a violation report for access to another
  window</dfn>, given an <a href=#cross-origin-opener-policy id=coop-reporting:cross-origin-opener-policy-6>opener policy</a> <var>coop</var>, two
  <a href=https://url.spec.whatwg.org/#concept-url id=coop-reporting:url-11 data-x-internal=url>URLs</a> <var>coopURL</var> and <var>otherURL</var>, two <a href=#concept-origin id=coop-reporting:concept-origin-6>origins</a> <var>coopOrigin</var> and <var>otherOrigin</var>, a string
  <var>propertyName</var>, and an <a id=coop-reporting:environment-settings-object-5 href=webappapis.html#environment-settings-object>environment settings object</a>
  <var>environment</var>:</p>

  <ol><li><p>Let <var>sourceFile</var>, <var>lineNumber</var>, and <var>columnNumber</var> be the
   relevant script URL and problematic position which triggered this report.<li>
    <p>Let <var>body</var> be a new object containing the following properties:</p>

    <table class=data><thead><tr><th>key<th>value<tbody><tr><td>disposition<td>"<code>reporting</code>"<tr><td>effectivePolicy<td><var>coop</var>'s <a href=#coop-struct-report-only-value id=coop-reporting:coop-struct-report-only-value-6>report-only
       value</a><tr><td>property<td><var>propertyName</var><tr><td>otherURL<td>If <var>coopOrigin</var> and <var>otherOrigin</var> are <a href=#same-origin id=coop-reporting:same-origin-8>same origin</a>, this
       is the <a href=#sanitize-url-report id=coop-reporting:sanitize-url-report-6>sanitization</a> of <var>otherURL</var>, null
       otherwise.<tr><td>sourceFile<td><var>sourceFile</var><tr><td>lineNumber<td><var>lineNumber</var><tr><td>columnNumber<td><var>columnNumber</var><tr><td>type<td>"<code>access-to-opener</code>"</table>
   <li><p><a href=https://w3c.github.io/reporting/#queue-report id=coop-reporting:queue-a-report-5 data-x-internal=queue-a-report>Queue</a> <var>body</var> as "<code>coop</code>"
   for <var>coop</var>'s <a href=#coop-struct-report-endpoint id=coop-reporting:coop-struct-report-endpoint-8>reporting endpoint</a> with
   <var>coopURL</var> and <var>environment</var>.</ol>

  <p>To <dfn id=coop-violation-access-from-opener>queue a violation report for access from the
  opener</dfn>, given an <a href=#cross-origin-opener-policy id=coop-reporting:cross-origin-opener-policy-7>opener policy</a> <var>coop</var>, two
  <a href=https://url.spec.whatwg.org/#concept-url id=coop-reporting:url-12 data-x-internal=url>URLs</a> <var>coopURL</var> and <var>openerURL</var>, two <a href=#concept-origin id=coop-reporting:concept-origin-7>origins</a> <var>coopOrigin</var> and <var>openerOrigin</var>, a string
  <var>propertyName</var>, and a <a href=https://fetch.spec.whatwg.org/#concept-request-referrer id=coop-reporting:concept-request-referrer-3 data-x-internal=concept-request-referrer>referrer</a>
  <var>referrer</var>:</p>

  <ol><li><p>If <var>coop</var>'s <a href=#coop-struct-report-endpoint id=coop-reporting:coop-struct-report-endpoint-9>reporting endpoint</a>
   is null, return.<li><p>Let <var>serializedReferrer</var> be an empty string.<li><p>If <var>referrer</var> is a <a id=coop-reporting:url-13 href=https://url.spec.whatwg.org/#concept-url data-x-internal=url>URL</a>, set <var>serializedReferrer</var> to the
   <a href=https://url.spec.whatwg.org/#concept-url-serializer id=coop-reporting:concept-url-serializer-4 data-x-internal=concept-url-serializer>serialization</a> of <var>referrer</var>.

   <li>
    <p>Let <var>body</var> be a new object containing the following properties:</p>

    <table class=data><thead><tr><th>key<th>value<tbody><tr><td>disposition<td>"<code>reporting</code>"<tr><td>effectivePolicy<td><var>coop</var>'s <a href=#coop-struct-report-only-value id=coop-reporting:coop-struct-report-only-value-7>report-only
       value</a><tr><td>property<td><var>propertyName</var><tr><td>openerURL<td>If <var>coopOrigin</var> and <var>openerOrigin</var> are <a href=#same-origin id=coop-reporting:same-origin-9>same origin</a>, this
       is the <a href=#sanitize-url-report id=coop-reporting:sanitize-url-report-7>sanitization</a> of <var>openerURL</var>, null
       otherwise.<tr><td>referrer<td><var>serializedReferrer</var><tr><td>type<td>"<code>access-to-opener</code>"</table>
   <li><p><a href=https://w3c.github.io/reporting/#queue-report id=coop-reporting:queue-a-report-6 data-x-internal=queue-a-report>Queue</a> <var>body</var> as "<code>coop</code>"
   for <var>coop</var>'s <a href=#coop-struct-report-endpoint id=coop-reporting:coop-struct-report-endpoint-10>reporting endpoint</a> with
   <var>coopURL</var>.</ol>

  <p>To <dfn id=coop-violation-access-from-opened>queue a violation report for access from an
  opened window</dfn>, given an <a href=#cross-origin-opener-policy id=coop-reporting:cross-origin-opener-policy-8>opener policy</a> <var>coop</var>,
  three <a href=https://url.spec.whatwg.org/#concept-url id=coop-reporting:url-14 data-x-internal=url>URLs</a> <var>coopURL</var>, <var>openedWindowURL</var> and
  <var>initialWindowURL</var>, three <a href=#concept-origin id=coop-reporting:concept-origin-8>origins</a> <var>coopOrigin</var>,
  <var>openedWindowOrigin</var>, and <var>openerInitialOrigin</var>, and a string
  <var>propertyName</var>:</p>

  <ol><li><p>If <var>coop</var>'s <a href=#coop-struct-report-endpoint id=coop-reporting:coop-struct-report-endpoint-11>reporting endpoint</a>
   is null, return.<li>
    <p>Let <var>body</var> be a new object containing the following properties:</p>

    <table class=data><thead><tr><th>key<th>value<tbody><tr><td>disposition<td>"<code>reporting</code>"<tr><td>effectivePolicy<td><var>coopValue</var><tr><td>property<td><var>coop</var>'s <a href=#coop-struct-report-only-value id=coop-reporting:coop-struct-report-only-value-8>report-only
       value</a><tr><td>openedWindowURL<td>If <var>coopOrigin</var> and <var>openedWindowOrigin</var> are <a href=#same-origin id=coop-reporting:same-origin-10>same origin</a>, this
       is the <a href=#sanitize-url-report id=coop-reporting:sanitize-url-report-8>sanitization</a> of <var>openedWindowURL</var>,
       null otherwise.<tr><td>openedWindowInitialURL<td>If <var>coopOrigin</var> and <var>openerInitialOrigin</var> are <a href=#same-origin id=coop-reporting:same-origin-11>same origin</a>,
       this is the <a href=#sanitize-url-report id=coop-reporting:sanitize-url-report-9>sanitization</a> of
       <var>initialWindowURL</var>, null otherwise.<tr><td>type<td>"<code>access-to-opener</code>"</table>
   <li><p><a href=https://w3c.github.io/reporting/#queue-report id=coop-reporting:queue-a-report-7 data-x-internal=queue-a-report>Queue</a> <var>body</var> as "<code>coop</code>"
   for <var>coop</var>'s <a href=#coop-struct-report-endpoint id=coop-reporting:coop-struct-report-endpoint-12>reporting endpoint</a> with
   <var>coopURL</var>.</ol>


  <p>To <dfn id=coop-violation-access-from-other>queue a violation report for access from
  another window</dfn>, given an <a href=#cross-origin-opener-policy id=coop-reporting:cross-origin-opener-policy-9>opener policy</a> <var>coop</var>,
  two <a href=https://url.spec.whatwg.org/#concept-url id=coop-reporting:url-15 data-x-internal=url>URLs</a> <var>coopURL</var> and <var>otherURL</var>, two <a href=#concept-origin id=coop-reporting:concept-origin-9>origins</a> <var>coopOrigin</var> and <var>otherOrigin</var>, and a string
  <var>propertyName</var>:</p>

  <ol><li><p>If <var>coop</var>'s <a href=#coop-struct-report-endpoint id=coop-reporting:coop-struct-report-endpoint-13>reporting endpoint</a>
   is null, return.<li>
    <p>Let <var>body</var> be a new object containing the following properties:</p>

    <table class=data><thead><tr><th>key<th>value<tbody><tr><td>disposition<td>"<code>reporting</code>"<tr><td>effectivePolicy<td><var>coop</var>'s <a href=#coop-struct-report-only-value id=coop-reporting:coop-struct-report-only-value-9>report-only
       value</a><tr><td>property<td><var>propertyName</var><tr><td>otherURL<td>If <var>coopOrigin</var> and <var>otherOrigin</var> are <a href=#same-origin id=coop-reporting:same-origin-12>same origin</a>, this
       is the <a href=#sanitize-url-report id=coop-reporting:sanitize-url-report-10>sanitization</a> of <var>otherURL</var>, null
       otherwise.<tr><td>type<td><code>access-to-opener</code></table>
   <li><p><a href=https://w3c.github.io/reporting/#queue-report id=coop-reporting:queue-a-report-8 data-x-internal=queue-a-report>Queue</a> <var>body</var> as "<code>coop</code>"
   for <var>coop</var>'s <a href=#coop-struct-report-endpoint id=coop-reporting:coop-struct-report-endpoint-14>reporting endpoint</a> with
   <var>coopURL</var>.</ol>

  


  <h4 id=coep><span class=secno>7.1.4</span> Cross-origin embedder policies<a href=#coep class=self-link></a></h4><div class="mdn-anno wrapped"><button onclick=toggleStatus(this) class=mdn-anno-btn><b title="Support in all current engines." class=all-engines-flag>✔</b><span>MDN</span></button><div class=feature><p><a href=https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Embedder-Policy title="The HTTP Cross-Origin-Embedder-Policy (COEP) response header configures embedding cross-origin resources into the document.">Headers/Cross-Origin-Embedder-Policy</a><p class=all-engines-text>Support in all current engines.<div class=support><span class="firefox yes"><span>Firefox</span><span>79+</span></span><span class="safari yes"><span>Safari</span><span>15.2+</span></span><span class="chrome yes"><span>Chrome</span><span>83+</span></span><hr><span class="opera unknown"><span>Opera</span><span>?</span></span><span class="edge_blink yes"><span>Edge</span><span>83+</span></span><hr><span class="edge unknown"><span>Edge (Legacy)</span><span>?</span></span><span class="ie no"><span>Internet Explorer</span><span>No</span></span><hr><span class="firefox_android unknown"><span>Firefox Android</span><span>?</span></span><span class="safari_ios unknown"><span>Safari iOS</span><span>?</span></span><span class="chrome_android unknown"><span>Chrome Android</span><span>?</span></span><span class="webview_android yes"><span>WebView Android</span><span>86+</span></span><span class="samsunginternet_android unknown"><span>Samsung Internet</span><span>?</span></span><span class="opera_android unknown"><span>Opera Android</span><span>?</span></span></div></div></div>

  <p>An <dfn id=embedder-policy-value data-export="">embedder policy value</dfn> is one of three strings that controls the fetching
  of cross-origin resources without explicit permission from resource owners.</p>

  <dl><dt>"<dfn data-dfn-for="embedder policy value" id=coep-unsafe-none data-export=""><code>unsafe-none</code></dfn>"<dd><p>This is the default value. When this value is used, cross-origin resources can be fetched
   without giving explicit permission through the <a id=coep:cors-protocol href=https://fetch.spec.whatwg.org/#http-cors-protocol data-x-internal=cors-protocol>CORS protocol</a> or the
   `<code id=coep:cross-origin-resource-policy><a data-x-internal=cross-origin-resource-policy href=https://fetch.spec.whatwg.org/#http-cross-origin-resource-policy>Cross-Origin-Resource-Policy</a></code>` header.<dt>"<dfn data-dfn-for="embedder policy value" id=coep-require-corp data-export=""><code>require-corp</code></dfn>"<dd><p>When this value is used, fetching cross-origin resources requires the server's
   explicit permission through the <a id=coep:cors-protocol-2 href=https://fetch.spec.whatwg.org/#http-cors-protocol data-x-internal=cors-protocol>CORS protocol</a> or the
   `<code id=coep:cross-origin-resource-policy-2><a data-x-internal=cross-origin-resource-policy href=https://fetch.spec.whatwg.org/#http-cross-origin-resource-policy>Cross-Origin-Resource-Policy</a></code>` header.<dt>"<dfn data-dfn-for="embedder policy value" id=coep-credentialless data-export=""><code>credentialless</code></dfn>"<dd><p>When this value is used, fetching cross-origin no-CORS resources omits credentials. In
   exchange, an explicit `<code id=coep:cross-origin-resource-policy-3><a data-x-internal=cross-origin-resource-policy href=https://fetch.spec.whatwg.org/#http-cross-origin-resource-policy>Cross-Origin-Resource-Policy</a></code>` header is not required. Other
   requests sent with credentials require the server's explicit permission through the <a id=coep:cors-protocol-3 href=https://fetch.spec.whatwg.org/#http-cors-protocol data-x-internal=cors-protocol>CORS
   protocol</a> or the `<code id=coep:cross-origin-resource-policy-4><a data-x-internal=cross-origin-resource-policy href=https://fetch.spec.whatwg.org/#http-cross-origin-resource-policy>Cross-Origin-Resource-Policy</a></code>` header.</dl>

  <div class=warning>
   <p>Before supporting "<code id=coep:coep-credentialless><a href=#coep-credentialless>credentialless</a></code>", implementers are
   strongly encouraged to support both:

   <ul class=brief><li><a href=https://wicg.github.io/private-network-access/>Private Network Access</a><li><a href=https://github.com/annevk/orb>Opaque Response Blocking</a></ul>

   <p>Otherwise, it would allow attackers to leverage the client's network position to read non
   public resources, using the <a href=webappapis.html#concept-settings-object-cross-origin-isolated-capability id=coep:concept-settings-object-cross-origin-isolated-capability>cross-origin isolated
   capability</a>.</p>
  </div>

  <p>An <a href=#embedder-policy-value id=coep:embedder-policy-value>embedder policy value</a> is <dfn id=compatible-with-cross-origin-isolation>compatible with cross-origin isolation</dfn> if
  it is "<code id=coep:coep-credentialless-2><a href=#coep-credentialless>credentialless</a></code>" or "<code id=coep:coep-require-corp><a href=#coep-require-corp>require-corp</a></code>".</p>

  

  <p>An <dfn id=embedder-policy data-export="">embedder policy</dfn> consists of:</p>

  <ul><li><p>A <dfn data-dfn-for="embedder policy" id=embedder-policy-value-2 data-export="">value</dfn>, which is an <a href=#embedder-policy-value id=coep:embedder-policy-value-2>embedder policy value</a>, initially "<code id=coep:coep-unsafe-none><a href=#coep-unsafe-none>unsafe-none</a></code>".<li><p>A <dfn data-dfn-for="embedder policy" id=embedder-policy-reporting-endpoint data-export="">reporting endpoint</dfn> string, initially the empty string.<li><p>A <dfn data-dfn-for="embedder policy" id=embedder-policy-report-only-value data-export="">report only value</dfn>, which is an <a href=#embedder-policy-value id=coep:embedder-policy-value-3>embedder policy value</a>, initially
   "<code id=coep:coep-unsafe-none-2><a href=#coep-unsafe-none>unsafe-none</a></code>".<li><p>A <dfn data-dfn-for="embedder
   policy" id=embedder-policy-report-only-reporting-endpoint data-export="">report only reporting endpoint</dfn> string, initially the empty
   string.</ul>

  <p>The <dfn id=coep-report-type data-export="">"<code>coep</code>" report type</dfn> is a <a id=coep:report-type href=https://w3c.github.io/reporting/#report-type data-x-internal=report-type>report type</a> whose value
  is "<code>coep</code>". It is <a id=coep:visible-to-reportingobservers href=https://w3c.github.io/reporting/#visible-to-reportingobservers data-x-internal=visible-to-reportingobservers>visible to
  <code>ReportingObserver</code>s</a>.</p>

  


  <h5 id=the-coep-headers><span class=secno>7.1.4.1</span> The headers<a href=#the-coep-headers class=self-link></a></h5>

  <p>The `<dfn id=cross-origin-embedder-policy data-dfn-type=http-header><code>Cross-Origin-Embedder-Policy</code></dfn>` and
  `<dfn id=cross-origin-embedder-policy-report-only data-dfn-type=http-header><code>Cross-Origin-Embedder-Policy-Report-Only</code></dfn>` HTTP response
  headers allow a server to declare an <a href=#embedder-policy id=the-coep-headers:embedder-policy>embedder policy</a> for an <a id=the-coep-headers:environment-settings-object href=webappapis.html#environment-settings-object>environment
  settings object</a>. These headers are <a href=https://httpwg.org/specs/rfc8941.html id=the-coep-headers:http-structured-header data-x-internal=http-structured-header>structured
  headers</a> whose values must be <a href=https://httpwg.org/specs/rfc8941.html#token id=the-coep-headers:http-structured-header-token data-x-internal=http-structured-header-token>token</a>.
  <a href=references.html#refsSTRUCTURED-FIELDS>[STRUCTURED-FIELDS]</a>

  <p>The valid <a href=https://httpwg.org/specs/rfc8941.html#token id=the-coep-headers:http-structured-header-token-2 data-x-internal=http-structured-header-token>token</a> values are the <a href=#embedder-policy-value id=the-coep-headers:embedder-policy-value>embedder policy values</a>. The token may also have attached <a href=https://httpwg.org/specs/rfc8941.html#param id=the-coep-headers:http-structured-header-parameters data-x-internal=http-structured-header-parameters>parameters</a>; of these, the "<dfn id=coep-report-to><code>report-to</code></dfn>" parameter can have a <a id=the-coep-headers:valid-url-string href=https://url.spec.whatwg.org/#valid-url-string data-x-internal=valid-url-string>valid URL
  string</a> identifying an appropriate reporting endpoint. <a href=references.html#refsREPORTING>[REPORTING]</a></p>

  <div class=note>
   <p>The <a href=#obtain-an-embedder-policy id=the-coep-headers:obtain-an-embedder-policy>processing model</a> fails open (by defaulting
   to "<code id=the-coep-headers:coep-unsafe-none><a href=#coep-unsafe-none>unsafe-none</a></code>") in the presence of a header that cannot
   be parsed as a token. This includes inadvertent lists created by combining multiple instances of
   the `<code id=the-coep-headers:cross-origin-embedder-policy><a href=#cross-origin-embedder-policy>Cross-Origin-Embedder-Policy</a></code>` header present in a given response:</p>

   <table class=data><thead><tr><th>`<code id=the-coep-headers:cross-origin-embedder-policy-2><a href=#cross-origin-embedder-policy>Cross-Origin-Embedder-Policy</a></code>`<th>Final <a href=#embedder-policy-value id=the-coep-headers:embedder-policy-value-2>embedder policy value</a><tbody><tr><td><em>No header delivered</em><td>"<code id=the-coep-headers:coep-unsafe-none-2><a href=#coep-unsafe-none>unsafe-none</a></code>"<tr><td>`<code>require-corp</code>`<td>"<code id=the-coep-headers:coep-require-corp><a href=#coep-require-corp>require-corp</a></code>"<tr><td>`<code>unknown-value</code>`<td>"<code id=the-coep-headers:coep-unsafe-none-3><a href=#coep-unsafe-none>unsafe-none</a></code>"<tr><td>`<code>require-corp, unknown-value</code>`<td>"<code id=the-coep-headers:coep-unsafe-none-4><a href=#coep-unsafe-none>unsafe-none</a></code>"<tr><td>`<code>unknown-value, unknown-value</code>`<td>"<code id=the-coep-headers:coep-unsafe-none-5><a href=#coep-unsafe-none>unsafe-none</a></code>"<tr><td>`<code>unknown-value, require-corp</code>`<td>"<code id=the-coep-headers:coep-unsafe-none-6><a href=#coep-unsafe-none>unsafe-none</a></code>"<tr><td>`<code>require-corp, require-corp</code>`<td>"<code id=the-coep-headers:coep-unsafe-none-7><a href=#coep-unsafe-none>unsafe-none</a></code>"</table>

   <p>(The same applies to `<code id=the-coep-headers:cross-origin-embedder-policy-report-only><a href=#cross-origin-embedder-policy-report-only>Cross-Origin-Embedder-Policy-Report-Only</a></code>`.)</p>
  </div>

  

  <hr>

  <p>To <dfn id=obtain-an-embedder-policy data-export="">obtain an embedder policy</dfn> from a <a href=https://fetch.spec.whatwg.org/#concept-response id=the-coep-headers:concept-response data-x-internal=concept-response>response</a> <var>response</var> and an <a id=the-coep-headers:environment href=webappapis.html#environment>environment</a>
  <var>environment</var>:</p>

  <ol><li><p>Let <var>policy</var> be a new <a href=#embedder-policy id=the-coep-headers:embedder-policy-2>embedder policy</a>.<li><p>If <var>environment</var> is a <a id=the-coep-headers:non-secure-context href=webappapis.html#non-secure-context>non-secure context</a>, then return
   <var>policy</var>.<li><p>Let <var>parsedItem</var> be the result of <a id=the-coep-headers:getting-a-structured-field-value href=https://fetch.spec.whatwg.org/#concept-header-list-get-structured-header data-x-internal=getting-a-structured-field-value>getting a structured field value</a>
   with `<code id=the-coep-headers:cross-origin-embedder-policy-3><a href=#cross-origin-embedder-policy>Cross-Origin-Embedder-Policy</a></code>` and "<code>item</code>" from
   <var>response</var>'s <a href=https://fetch.spec.whatwg.org/#concept-response-header-list id=the-coep-headers:concept-response-header-list data-x-internal=concept-response-header-list>header list</a>.<li>
    <p>If <var>parsedItem</var> is non-null and <var>parsedItem</var>[0] is <a href=#compatible-with-cross-origin-isolation id=the-coep-headers:compatible-with-cross-origin-isolation>compatible with
    cross-origin isolation</a>:</p>

    <ol><li><p>Set <var>policy</var>'s <a href=#embedder-policy-value-2 id=the-coep-headers:embedder-policy-value-2-2>value</a> to
     <var>parsedItem</var>[0].<li><p>If <var>parsedItem</var>[1]["<code id=the-coep-headers:coep-report-to><a href=#coep-report-to>report-to</a></code>"] <a href=https://infra.spec.whatwg.org/#map-exists id=the-coep-headers:map-exists data-x-internal=map-exists>exists</a>, then set <var>policy</var>'s <a href=#embedder-policy-reporting-endpoint id=the-coep-headers:embedder-policy-reporting-endpoint>endpoint</a> to
     <var>parsedItem</var>[1]["<code id=the-coep-headers:coep-report-to-2><a href=#coep-report-to>report-to</a></code>"].</ol>
   <li><p>Set <var>parsedItem</var> to the result of <a id=the-coep-headers:getting-a-structured-field-value-2 href=https://fetch.spec.whatwg.org/#concept-header-list-get-structured-header data-x-internal=getting-a-structured-field-value>getting a structured field value</a>
   with `<code id=the-coep-headers:cross-origin-embedder-policy-report-only-2><a href=#cross-origin-embedder-policy-report-only>Cross-Origin-Embedder-Policy-Report-Only</a></code>` and "<code>item</code>"
   from <var>response</var>'s <a href=https://fetch.spec.whatwg.org/#concept-response-header-list id=the-coep-headers:concept-response-header-list-2 data-x-internal=concept-response-header-list>header
   list</a>.<li>
    <p>If <var>parsedItem</var> is non-null and <var>parsedItem</var>[0] is <a href=#compatible-with-cross-origin-isolation id=the-coep-headers:compatible-with-cross-origin-isolation-2>compatible with
    cross-origin isolation</a>:</p>

    <ol><li><p>Set <var>policy</var>'s <a href=#embedder-policy-report-only-value id=the-coep-headers:embedder-policy-report-only-value>report only value</a> to
     <var>parsedItem</var>[0].<li><p>If <var>parsedItem</var>[1]["<code id=the-coep-headers:coep-report-to-3><a href=#coep-report-to>report-to</a></code>"] <a href=https://infra.spec.whatwg.org/#map-exists id=the-coep-headers:map-exists-2 data-x-internal=map-exists>exists</a>, then set <var>policy</var>'s <a href=#embedder-policy-report-only-reporting-endpoint id=the-coep-headers:embedder-policy-report-only-reporting-endpoint>endpoint</a> to
     <var>parsedItem</var>[1]["<code id=the-coep-headers:coep-report-to-4><a href=#coep-report-to>report-to</a></code>"].</ol>
   <li><p>Return <var>policy</var>.</ol>


  <h5 id=embedder-policy-checks><span class=secno>7.1.4.2</span> Embedder policy checks<a href=#embedder-policy-checks class=self-link></a></h5>

  <p>To <dfn id="check-a-navigation-response's-adherence-to-its-embedder-policy">check a navigation response's adherence to its embedder policy</dfn> given a <a href=https://fetch.spec.whatwg.org/#concept-response id=embedder-policy-checks:concept-response data-x-internal=concept-response>response</a> <var>response</var>, a <a id=embedder-policy-checks:navigable href=document-sequences.html#navigable>navigable</a>
  <var>navigable</var>, and an <a href=#embedder-policy id=embedder-policy-checks:embedder-policy>embedder policy</a> <var>responsePolicy</var>:</p>

  <ol><li><p>If <var>navigable</var> is not a <a id=embedder-policy-checks:child-navigable href=document-sequences.html#child-navigable>child navigable</a>, then return
   true.<li><p>Let <var>parentPolicy</var> be <var>navigable</var>'s <a href=document-sequences.html#nav-container-document id=embedder-policy-checks:nav-container-document>container document</a>'s <a href=dom.html#concept-document-policy-container id=embedder-policy-checks:concept-document-policy-container>policy container</a>'s <a href=#policy-container-embedder-policy id=embedder-policy-checks:policy-container-embedder-policy>embedder policy</a>.<li><p>If <var>parentPolicy</var>'s <a href=#embedder-policy-report-only-value id=embedder-policy-checks:embedder-policy-report-only-value>report-only
   value</a> is <a href=#compatible-with-cross-origin-isolation id=embedder-policy-checks:compatible-with-cross-origin-isolation>compatible with cross-origin isolation</a> and
   <var>responsePolicy</var>'s <a href=#embedder-policy-value-2 id=embedder-policy-checks:embedder-policy-value-2>value</a> is not, then
   <a href=#queue-a-cross-origin-embedder-policy-inheritance-violation id=embedder-policy-checks:queue-a-cross-origin-embedder-policy-inheritance-violation>queue a cross-origin embedder policy inheritance violation</a> with <var>response</var>,
   "<code>navigation</code>", <var>parentPolicy</var>'s <a href=#embedder-policy-report-only-reporting-endpoint id=embedder-policy-checks:embedder-policy-report-only-reporting-endpoint>report only reporting endpoint</a>,
   "<code>reporting</code>", and <var>navigable</var>'s <a href=document-sequences.html#nav-container-document id=embedder-policy-checks:nav-container-document-2>container document</a>'s <a id=embedder-policy-checks:relevant-settings-object href=webappapis.html#relevant-settings-object>relevant settings
   object</a>.<li><p>If <var>parentPolicy</var>'s <a href=#embedder-policy-value-2 id=embedder-policy-checks:embedder-policy-value-2-2>value</a> is not
   <a href=#compatible-with-cross-origin-isolation id=embedder-policy-checks:compatible-with-cross-origin-isolation-2>compatible with cross-origin isolation</a> or <var>responsePolicy</var>'s <a href=#embedder-policy-value-2 id=embedder-policy-checks:embedder-policy-value-2-3>value</a> is <a href=#compatible-with-cross-origin-isolation id=embedder-policy-checks:compatible-with-cross-origin-isolation-3>compatible with cross-origin
   isolation</a>, then return true.<li><p><a href=#queue-a-cross-origin-embedder-policy-inheritance-violation id=embedder-policy-checks:queue-a-cross-origin-embedder-policy-inheritance-violation-2>Queue a cross-origin embedder policy inheritance violation</a> with
   <var>response</var>, "<code>navigation</code>", <var>parentPolicy</var>'s <a href=#embedder-policy-reporting-endpoint id=embedder-policy-checks:embedder-policy-reporting-endpoint>reporting endpoint</a>,
   "<code>enforce</code>", and <var>navigable</var>'s
   <a href=document-sequences.html#nav-container-document id=embedder-policy-checks:nav-container-document-3>container document</a>'s <a id=embedder-policy-checks:relevant-settings-object-2 href=webappapis.html#relevant-settings-object>relevant settings
   object</a>.<li><p>Return false.</ol>

  <p>To <dfn id="check-a-global-object's-embedder-policy">check a global object's embedder policy</dfn> given a <code id=embedder-policy-checks:workerglobalscope><a href=workers.html#workerglobalscope>WorkerGlobalScope</a></code>
  <var>workerGlobalScope</var>, an <a id=embedder-policy-checks:environment-settings-object href=webappapis.html#environment-settings-object>environment settings object</a> <var>owner</var>, and
  a <a href=https://fetch.spec.whatwg.org/#concept-response id=embedder-policy-checks:concept-response-2 data-x-internal=concept-response>response</a> <var>response</var>:</p>

  <ol><li><p>If <var>workerGlobalScope</var> is not a <code id=embedder-policy-checks:dedicatedworkerglobalscope><a href=workers.html#dedicatedworkerglobalscope>DedicatedWorkerGlobalScope</a></code> object,
   then return true.<li><p>Let <var>policy</var> be <var>workerGlobalScope</var>'s <a href=workers.html#concept-workerglobalscope-embedder-policy id=embedder-policy-checks:concept-workerglobalscope-embedder-policy>embedder policy</a>.

   <li><p>Let <var>ownerPolicy</var> be <var>owner</var>'s <a href=webappapis.html#concept-settings-object-policy-container id=embedder-policy-checks:concept-settings-object-policy-container>policy container</a>'s <a href=#policy-container-embedder-policy id=embedder-policy-checks:policy-container-embedder-policy-2>embedder policy</a>.

   <li><p>If <var>ownerPolicy</var>'s <a href=#embedder-policy-report-only-value id=embedder-policy-checks:embedder-policy-report-only-value-2>report-only
   value</a> is <a href=#compatible-with-cross-origin-isolation id=embedder-policy-checks:compatible-with-cross-origin-isolation-4>compatible with cross-origin isolation</a> and <var>policy</var>'s
   <a href=#embedder-policy-value-2 id=embedder-policy-checks:embedder-policy-value-2-4>value</a> is not, then <a href=#queue-a-cross-origin-embedder-policy-inheritance-violation id=embedder-policy-checks:queue-a-cross-origin-embedder-policy-inheritance-violation-3>queue a cross-origin
   embedder policy inheritance violation</a> with <var>response</var>, "<code>worker
   initialization</code>", <var>ownerPolicy</var>'s <a href=#embedder-policy-report-only-reporting-endpoint id=embedder-policy-checks:embedder-policy-report-only-reporting-endpoint-2>report only reporting endpoint</a>,
   "<code>reporting</code>", and <var>owner</var>.<li><p>If <var>ownerPolicy</var>'s <a href=#embedder-policy-value-2 id=embedder-policy-checks:embedder-policy-value-2-5>value</a> is not
   <a href=#compatible-with-cross-origin-isolation id=embedder-policy-checks:compatible-with-cross-origin-isolation-5>compatible with cross-origin isolation</a> or <var>policy</var>'s <a href=#embedder-policy-value-2 id=embedder-policy-checks:embedder-policy-value-2-6>value</a> is <a href=#compatible-with-cross-origin-isolation id=embedder-policy-checks:compatible-with-cross-origin-isolation-6>compatible with cross-origin
   isolation</a>, then return true.<li><p><a href=#queue-a-cross-origin-embedder-policy-inheritance-violation id=embedder-policy-checks:queue-a-cross-origin-embedder-policy-inheritance-violation-4>Queue a cross-origin embedder policy inheritance violation</a> with
   <var>response</var>, "<code>worker initialization</code>", <var>ownerPolicy</var>'s
   <a href=#embedder-policy-reporting-endpoint id=embedder-policy-checks:embedder-policy-reporting-endpoint-2>reporting endpoint</a>,
   "<code>enforce</code>", and <var>owner</var>.<li><p>Return false.</ol>

  <p>To <dfn id=queue-a-cross-origin-embedder-policy-inheritance-violation>queue a cross-origin embedder policy inheritance violation</dfn> given a <a href=https://fetch.spec.whatwg.org/#concept-response id=embedder-policy-checks:concept-response-3 data-x-internal=concept-response>response</a> <var>response</var>, a string <var>type</var>, a string
  <var>endpoint</var>, a string <var>disposition</var>, and an <a id=embedder-policy-checks:environment-settings-object-2 href=webappapis.html#environment-settings-object>environment settings
  object</a> <var>settings</var>:</p>

  <ol><li><p>Let <var>serialized</var> be the result of <a href=https://fetch.spec.whatwg.org/#serialize-a-response-url-for-reporting id=embedder-policy-checks:serialize-a-response-url-for-reporting data-x-internal=serialize-a-response-url-for-reporting>serializing a response URL for
   reporting</a> with <var>response</var>.<li>
    <p>Let <var>body</var> be a new object containing the following properties:</p>

    <table class=data><thead><tr><th>key<th>value<tbody><tr><td>type<td><var>type</var><tr><td>blockedURL<td><var>serialized</var><tr><td>disposition<td><var>disposition</var></table>
   <li><p><a href=https://w3c.github.io/reporting/#queue-report id=embedder-policy-checks:queue-a-report data-x-internal=queue-a-report>Queue</a> <var>body</var> as the
   <a href=#coep-report-type id=embedder-policy-checks:coep-report-type>"<code>coep</code>" report type</a> for <var>endpoint</var> on <var>settings</var>.
  </ol>

  


  <h4 id=sandboxing><span class=secno>7.1.5</span> Sandboxing<a href=#sandboxing class=self-link></a></h4>

  <p>A <dfn id=sandboxing-flag-set data-export="">sandboxing flag set</dfn> is a set of zero or more of the following flags, which
  are used to restrict the abilities that potentially untrusted resources have:</p>

  <dl><dt>The <dfn id=sandboxed-navigation-browsing-context-flag data-export="">sandboxed navigation browsing context flag</dfn><dd>
    <p>This flag <a href=browsing-the-web.html#sandboxLinks>prevents content from navigating browsing contexts other
    than the sandboxed browsing context itself</a> (or browsing contexts further nested inside it),
    <a href=document-sequences.html#auxiliary-browsing-context id=sandboxing:auxiliary-browsing-context>auxiliary browsing contexts</a> (which are protected
    by the <a href=#sandboxed-auxiliary-navigation-browsing-context-flag id=sandboxing:sandboxed-auxiliary-navigation-browsing-context-flag>sandboxed auxiliary navigation browsing context flag</a> defined next), and the
    <a id=sandboxing:top-level-browsing-context href=document-sequences.html#top-level-browsing-context>top-level browsing context</a> (which is protected by the <a href=#sandboxed-top-level-navigation-without-user-activation-browsing-context-flag id=sandboxing:sandboxed-top-level-navigation-without-user-activation-browsing-context-flag>sandboxed top-level
    navigation without user activation browsing context flag</a> and <a href=#sandboxed-top-level-navigation-with-user-activation-browsing-context-flag id=sandboxing:sandboxed-top-level-navigation-with-user-activation-browsing-context-flag>sandboxed top-level
    navigation with user activation browsing context flag</a> defined below).</p>

    <p>If the <a href=#sandboxed-auxiliary-navigation-browsing-context-flag id=sandboxing:sandboxed-auxiliary-navigation-browsing-context-flag-2>sandboxed auxiliary navigation browsing context flag</a> is not set, then in
    certain cases the restrictions nonetheless allow popups (new <a href=document-sequences.html#top-level-browsing-context id=sandboxing:top-level-browsing-context-2>top-level browsing contexts</a>) to be opened. These <a href=document-sequences.html#browsing-context id=sandboxing:browsing-context>browsing contexts</a> always have <dfn id=one-permitted-sandboxed-navigator>one permitted sandboxed navigator</dfn>, set
    when the browsing context is created, which allows the <a id=sandboxing:browsing-context-2 href=document-sequences.html#browsing-context>browsing context</a> that
    created them to actually navigate them. (Otherwise, the <a href=#sandboxed-navigation-browsing-context-flag id=sandboxing:sandboxed-navigation-browsing-context-flag>sandboxed navigation browsing
    context flag</a> would prevent them from being navigated even if they were opened.)</p>
   <dt>The <dfn id=sandboxed-auxiliary-navigation-browsing-context-flag data-export="">sandboxed auxiliary navigation browsing context flag</dfn><dd>
    <p>This flag <a href=document-sequences.html#sandboxWindowOpen>prevents content from creating new auxiliary browsing
    contexts</a>, e.g. using the <code id=sandboxing:attr-hyperlink-target><a href=links.html#attr-hyperlink-target>target</a></code> attribute or
    the <code id=sandboxing:dom-open><a href=nav-history-apis.html#dom-open>window.open()</a></code> method.</p>
   <dt>The <dfn id=sandboxed-top-level-navigation-without-user-activation-browsing-context-flag data-export="">sandboxed top-level navigation without user activation browsing
   context flag</dfn><dd>
    <p>This flag <a href=browsing-the-web.html#sandboxLinks>prevents content from navigating their <span>top-level
    browsing context</span></a> and <a href=nav-history-apis.html#sandboxClose>prevents content from closing their
    <span>top-level browsing context</span></a>. It is consulted only when the sandboxed browsing
    context's <a id=sandboxing:active-window href=document-sequences.html#active-window>active window</a> does not have <a id=sandboxing:transient-activation href=interaction.html#transient-activation>transient activation</a>.</p>

    <p>When the <a href=#sandboxed-top-level-navigation-without-user-activation-browsing-context-flag id=sandboxing:sandboxed-top-level-navigation-without-user-activation-browsing-context-flag-2>sandboxed top-level navigation without user activation browsing context
    flag</a> is <em>not</em> set, content can navigate its <a id=sandboxing:top-level-browsing-context-3 href=document-sequences.html#top-level-browsing-context>top-level browsing
    context</a>, but other <a href=document-sequences.html#browsing-context id=sandboxing:browsing-context-3>browsing contexts</a> are still
    protected by the <a href=#sandboxed-navigation-browsing-context-flag id=sandboxing:sandboxed-navigation-browsing-context-flag-2>sandboxed navigation browsing context flag</a> and possibly
    the <a href=#sandboxed-auxiliary-navigation-browsing-context-flag id=sandboxing:sandboxed-auxiliary-navigation-browsing-context-flag-3>sandboxed auxiliary navigation browsing context flag</a>.</p>
   <dt>The <dfn id=sandboxed-top-level-navigation-with-user-activation-browsing-context-flag data-export="">sandboxed top-level navigation with user activation browsing context
   flag</dfn><dd>
    <p>This flag <a href=browsing-the-web.html#sandboxLinks>prevents content from navigating their <span>top-level
    browsing context</span></a> and <a href=nav-history-apis.html#sandboxClose>prevents content from closing their
    <span>top-level browsing context</span></a>. It is consulted only when the sandboxed browsing
    context's <a id=sandboxing:active-window-2 href=document-sequences.html#active-window>active window</a> has <a id=sandboxing:transient-activation-2 href=interaction.html#transient-activation>transient activation</a>.</p>

    <p>As with the <a href=#sandboxed-top-level-navigation-without-user-activation-browsing-context-flag id=sandboxing:sandboxed-top-level-navigation-without-user-activation-browsing-context-flag-3>sandboxed top-level navigation without user activation browsing context
    flag</a>, this flag only affects the <a id=sandboxing:top-level-browsing-context-4 href=document-sequences.html#top-level-browsing-context>top-level browsing context</a>; if it is not
    set, other <a href=document-sequences.html#browsing-context id=sandboxing:browsing-context-4>browsing contexts</a> might still be protected by
    other flags.</p>
   <dt>The <dfn id=sandboxed-origin-browsing-context-flag data-export="">sandboxed origin browsing context flag</dfn><dd>
    <p>This flag <a href=document-sequences.html#sandboxOrigin>forces content into an opaque origin</a>, thus preventing
    it from accessing other content from the same <a href=#concept-origin id=sandboxing:concept-origin>origin</a>.</p>

    <p>This flag also <a href=dom.html#sandboxCookies>prevents script from reading from or writing to the
    <code>document.cookie</code> IDL attribute</a>, and blocks access
    to <code id=sandboxing:dom-localstorage><a href=webstorage.html#dom-localstorage>localStorage</a></code>.</p>
   <dt>The <dfn id=sandboxed-forms-browsing-context-flag data-export="">sandboxed forms browsing context flag</dfn><dd>
    <p>This flag <a href=form-control-infrastructure.html#sandboxSubmitBlocked>blocks form submission</a>.</p>
   <dt>The <dfn id=sandboxed-pointer-lock-browsing-context-flag data-export="">sandboxed pointer lock browsing context flag</dfn><dd>
    <p>This flag disables the Pointer Lock API. <a href=references.html#refsPOINTERLOCK>[POINTERLOCK]</a></p>
   <dt>The <dfn id=sandboxed-scripts-browsing-context-flag data-export="">sandboxed scripts browsing context flag</dfn><dd>
    <p>This flag <a href=webappapis.html#sandboxScriptBlocked>blocks script execution</a>.</p>
   <dt>The <dfn id=sandboxed-automatic-features-browsing-context-flag data-export="">sandboxed automatic features browsing context flag</dfn><dd>
    <p>This flag blocks features that trigger automatically, such as <a href=media.html#attr-media-autoplay id=sandboxing:attr-media-autoplay>automatically playing a video</a> or <a href=interaction.html#attr-fe-autofocus id=sandboxing:attr-fe-autofocus>automatically focusing a form control</a>.</p>
   <dt>The <dfn id=sandboxed-document.domain-browsing-context-flag data-export="">sandboxed <code>document.domain</code>
   browsing context flag</dfn><dd>
    <p>This flag prevents content from using the
    <code id=sandboxing:dom-document-domain><a href=#dom-document-domain>document.domain</a></code> setter.</p>
   <dt>The <dfn id=sandbox-propagates-to-auxiliary-browsing-contexts-flag data-export="">sandbox propagates to auxiliary browsing contexts flag</dfn><dd>
    <p>This flag prevents content from escaping the sandbox by ensuring that any
    <a id=sandboxing:auxiliary-browsing-context-2 href=document-sequences.html#auxiliary-browsing-context>auxiliary browsing context</a> it creates inherits the content's
    <a href=#active-sandboxing-flag-set id=sandboxing:active-sandboxing-flag-set>active sandboxing flag set</a>.</p>
   <dt>The <dfn id=sandboxed-modals-flag data-export="">sandboxed modals flag</dfn><dd>
    <p>This flag prevents content from using any of the following features to produce modal
    dialogs:</p>

    <ul><li><code id=sandboxing:dom-alert><a href=timers-and-user-prompts.html#dom-alert>window.alert()</a></code><li><code id=sandboxing:dom-confirm><a href=timers-and-user-prompts.html#dom-confirm>window.confirm()</a></code><li><code id=sandboxing:dom-print><a href=timers-and-user-prompts.html#dom-print>window.print()</a></code><li><code id=sandboxing:dom-prompt><a href=timers-and-user-prompts.html#dom-prompt>window.prompt()</a></code><li>the <code id=sandboxing:event-beforeunload><a href=indices.html#event-beforeunload>beforeunload</a></code> event</ul>
   <dt>The <dfn id=sandboxed-orientation-lock-browsing-context-flag data-export="">sandboxed orientation lock browsing context flag</dfn><dd>
    <p>This flag disables the ability to lock the screen orientation.
    <a href=references.html#refsSCREENORIENTATION>[SCREENORIENTATION]</a></p>
   <dt>The <dfn id=sandboxed-presentation-browsing-context-flag data-export="">sandboxed presentation browsing context flag</dfn><dd>
    <p>This flag disables the Presentation API. <a href=references.html#refsPRESENTATION>[PRESENTATION]</a></p>
   <dt>The <dfn id=sandboxed-downloads-browsing-context-flag data-export="">sandboxed downloads browsing context flag</dfn><dd>
    <p>This flag prevents content from initiating or instantiating downloads, whether through <a href=links.html#downloading-hyperlinks id=sandboxing:downloading-hyperlinks>downloading hyperlinks</a> or through <a href=browsing-the-web.html#navigation-as-a-download>navigation</a> that gets <a href=links.html#handle-as-a-download id=sandboxing:handle-as-a-download>handled as a download</a>.</p>
   <dt>The <dfn id=sandboxed-custom-protocols-navigation-browsing-context-flag data-export="">sandboxed custom protocols navigation browsing context flag</dfn><dd>
    <p>This flag prevents navigations toward non <a href=https://fetch.spec.whatwg.org/#fetch-scheme id=sandboxing:fetch-scheme data-x-internal=fetch-scheme>fetch schemes</a>
    from being <a href=browsing-the-web.html#hand-off-to-external-software id=sandboxing:hand-off-to-external-software>handed off to external
    software</a>.</p>
   </dl>

  

  <p>When the user agent is to <dfn id=parse-a-sandboxing-directive data-export="">parse a sandboxing directive</dfn>, given a string
  <var>input</var> and a <a href=#sandboxing-flag-set id=sandboxing:sandboxing-flag-set>sandboxing flag set</a> <var>output</var>, it must run the following
  steps:</p>

  <ol><li><p><a href=https://infra.spec.whatwg.org/#split-on-ascii-whitespace id=sandboxing:split-a-string-on-spaces data-x-internal=split-a-string-on-spaces>Split <var>input</var> on ASCII
   whitespace</a>, to obtain <var>tokens</var>.<li><p>Let <var>output</var> be empty.<li>
    <p>Add the following flags to <var>output</var>:</p>

    <ul><li><p>The <a href=#sandboxed-navigation-browsing-context-flag id=sandboxing:sandboxed-navigation-browsing-context-flag-3>sandboxed navigation browsing context flag</a>.<li><p>The <a href=#sandboxed-auxiliary-navigation-browsing-context-flag id=sandboxing:sandboxed-auxiliary-navigation-browsing-context-flag-4>sandboxed auxiliary navigation browsing context flag</a>, unless
     <var>tokens</var> contains the <dfn data-dfn-for=iframe/sandbox id=attr-iframe-sandbox-allow-popups data-dfn-type=attr-value><code>allow-popups</code></dfn> keyword.<li><p>The <a href=#sandboxed-top-level-navigation-without-user-activation-browsing-context-flag id=sandboxing:sandboxed-top-level-navigation-without-user-activation-browsing-context-flag-4>sandboxed top-level navigation without user activation browsing context
     flag</a>, unless <var>tokens</var> contains the <dfn data-dfn-for=iframe/sandbox id=attr-iframe-sandbox-allow-top-navigation data-dfn-type=attr-value><code>allow-top-navigation</code></dfn>
     keyword.<li>
      <p>The <a href=#sandboxed-top-level-navigation-with-user-activation-browsing-context-flag id=sandboxing:sandboxed-top-level-navigation-with-user-activation-browsing-context-flag-2>sandboxed top-level navigation with user activation browsing context flag</a>,
      unless <var>tokens</var> contains either the <dfn data-dfn-for=iframe/sandbox id=attr-iframe-sandbox-allow-top-navigation-by-user-activation data-dfn-type=attr-value><code>allow-top-navigation-by-user-activation</code></dfn>
      keyword or the <code id=sandboxing:attr-iframe-sandbox-allow-top-navigation><a href=#attr-iframe-sandbox-allow-top-navigation>allow-top-navigation</a></code> keyword.</p>

      <p class=note>This means that if the <code id=sandboxing:attr-iframe-sandbox-allow-top-navigation-2><a href=#attr-iframe-sandbox-allow-top-navigation>allow-top-navigation</a></code> is present, the <code id=sandboxing:attr-iframe-sandbox-allow-top-navigation-by-user-activation><a href=#attr-iframe-sandbox-allow-top-navigation-by-user-activation>allow-top-navigation-by-user-activation</a></code>
      keyword will have no effect. For this reason, specifying both is a document conformance error.</p>
     <li>
      <p>The <a href=#sandboxed-origin-browsing-context-flag id=sandboxing:sandboxed-origin-browsing-context-flag>sandboxed origin browsing context flag</a>, unless the <var>tokens</var>
      contains the <dfn data-dfn-for=iframe/sandbox id=attr-iframe-sandbox-allow-same-origin data-dfn-type=attr-value><code>allow-same-origin</code></dfn> keyword.</p>

      <div class=note>
       <p>The <code id=sandboxing:attr-iframe-sandbox-allow-same-origin><a href=#attr-iframe-sandbox-allow-same-origin>allow-same-origin</a></code> keyword
       is intended for two cases.</p>

       <p>First, it can be used to allow content from the same site to be sandboxed to disable
       scripting, while still allowing access to the DOM of the sandboxed content.</p>

       <p>Second, it can be used to embed content from a third-party site, sandboxed to prevent that
       site from opening popups, etc, without preventing the embedded page from communicating back
       to its originating site, using the database APIs to store data, etc.</p>
      </div>
     <li><p>The <a href=#sandboxed-forms-browsing-context-flag id=sandboxing:sandboxed-forms-browsing-context-flag>sandboxed forms browsing context flag</a>, unless <var>tokens</var>
     contains the <dfn data-dfn-for=iframe/sandbox id=attr-iframe-sandbox-allow-forms data-dfn-type=attr-value><code>allow-forms</code></dfn> keyword.<li><p>The <a href=#sandboxed-pointer-lock-browsing-context-flag id=sandboxing:sandboxed-pointer-lock-browsing-context-flag>sandboxed pointer lock browsing context flag</a>, unless <var>tokens</var>
     contains the <dfn data-dfn-for=iframe/sandbox id=attr-iframe-sandbox-allow-pointer-lock data-dfn-type=attr-value><code>allow-pointer-lock</code></dfn>
     keyword.<li><p>The <a href=#sandboxed-scripts-browsing-context-flag id=sandboxing:sandboxed-scripts-browsing-context-flag>sandboxed scripts browsing context flag</a>, unless <var>tokens</var>
     contains the <dfn data-dfn-for=iframe/sandbox id=attr-iframe-sandbox-allow-scripts data-dfn-type=attr-value><code>allow-scripts</code></dfn> keyword.<li>
      <p>The <a href=#sandboxed-automatic-features-browsing-context-flag id=sandboxing:sandboxed-automatic-features-browsing-context-flag>sandboxed automatic features browsing context flag</a>, unless
      <var>tokens</var> contains the <code id=sandboxing:attr-iframe-sandbox-allow-scripts><a href=#attr-iframe-sandbox-allow-scripts>allow-scripts</a></code> keyword (defined above).</p>

      <p class=note>This flag is relaxed by the same keyword as scripts, because when scripts are
      enabled these features are trivially possible anyway, and it would be unfortunate to force
      authors to use script to do them when sandboxed rather than allowing them to use the
      declarative features.</p>
     <li><p>The <a href=#sandboxed-document.domain-browsing-context-flag id=sandboxing:sandboxed-document.domain-browsing-context-flag>sandboxed <code>document.domain</code> browsing
     context flag</a>.<li><p>The <a href=#sandbox-propagates-to-auxiliary-browsing-contexts-flag id=sandboxing:sandbox-propagates-to-auxiliary-browsing-contexts-flag>sandbox propagates to auxiliary browsing contexts flag</a>, unless
     <var>tokens</var> contains the <dfn data-dfn-for=iframe/sandbox id=attr-iframe-sandbox-allow-popups-to-escape-sandbox data-dfn-type=attr-value><code>allow-popups-to-escape-sandbox</code></dfn>
     keyword.<li><p>The <a href=#sandboxed-modals-flag id=sandboxing:sandboxed-modals-flag>sandboxed modals flag</a>, unless <var>tokens</var> contains the <dfn data-dfn-for=iframe/sandbox id=attr-iframe-sandbox-allow-modals data-dfn-type=attr-value><code>allow-modals</code></dfn> keyword.<li><p>The <a href=#sandboxed-orientation-lock-browsing-context-flag id=sandboxing:sandboxed-orientation-lock-browsing-context-flag>sandboxed orientation lock browsing context flag</a>, unless
     <var>tokens</var> contains the <dfn data-dfn-for=iframe/sandbox id=attr-iframe-sandbox-allow-orientation-lock data-dfn-type=attr-value><code>allow-orientation-lock</code></dfn>
     keyword.<li><p>The <a href=#sandboxed-presentation-browsing-context-flag id=sandboxing:sandboxed-presentation-browsing-context-flag>sandboxed presentation browsing context flag</a>, unless <var>tokens</var>
     contains the <dfn data-dfn-for=iframe/sandbox id=attr-iframe-sandbox-allow-presentation data-dfn-type=attr-value><code>allow-presentation</code></dfn>
     keyword.<li><p>The <a href=#sandboxed-downloads-browsing-context-flag id=sandboxing:sandboxed-downloads-browsing-context-flag>sandboxed downloads browsing context flag</a>, unless <var>tokens</var>
     contains the <dfn data-dfn-for=iframe/sandbox id=attr-iframe-sandbox-allow-downloads data-dfn-type=attr-value><code>allow-downloads</code></dfn> keyword.<li><p>The <a href=#sandboxed-custom-protocols-navigation-browsing-context-flag id=sandboxing:sandboxed-custom-protocols-navigation-browsing-context-flag>sandboxed custom protocols navigation browsing context flag</a>, unless
     <var>tokens</var> contains either the <dfn data-dfn-for=iframe/sandbox id=attr-iframe-sandbox-allow-top-navigation-to-custom-protocols data-dfn-type=attr-value><code>allow-top-navigation-to-custom-protocols</code></dfn>
     keyword, the <code id=sandboxing:attr-iframe-sandbox-allow-popups><a href=#attr-iframe-sandbox-allow-popups>allow-popups</a></code> keyword, or
     the <code id=sandboxing:attr-iframe-sandbox-allow-top-navigation-3><a href=#attr-iframe-sandbox-allow-top-navigation>allow-top-navigation</a></code>
     keyword.</ul>
   </ol>

  <hr>

  <p>Every <a id=sandboxing:top-level-browsing-context-5 href=document-sequences.html#top-level-browsing-context>top-level browsing context</a> has a <dfn id=popup-sandboxing-flag-set>popup sandboxing flag set</dfn>, which
  is a <a href=#sandboxing-flag-set id=sandboxing:sandboxing-flag-set-2>sandboxing flag set</a>. When a <a id=sandboxing:browsing-context-5 href=document-sequences.html#browsing-context>browsing context</a> is created, its
  <a href=#popup-sandboxing-flag-set id=sandboxing:popup-sandboxing-flag-set>popup sandboxing flag set</a> must be empty. It is populated by <a id=sandboxing:the-rules-for-choosing-a-navigable href=document-sequences.html#the-rules-for-choosing-a-navigable>the rules for
  choosing a navigable</a> and the <a href=#obtain-browsing-context-navigation id=sandboxing:obtain-browsing-context-navigation>obtain
  a browsing context to use for a navigation response</a> algorithm.</p>

  <p>Every <code id=sandboxing:the-iframe-element><a href=iframe-embed-object.html#the-iframe-element>iframe</a></code> element has an <dfn id=iframe-sandboxing-flag-set><code>iframe</code> sandboxing flag set</dfn>,
  which is a <a href=#sandboxing-flag-set id=sandboxing:sandboxing-flag-set-3>sandboxing flag set</a>. Which flags in an <a href=#iframe-sandboxing-flag-set id=sandboxing:iframe-sandboxing-flag-set><code>iframe</code>
  sandboxing flag set</a> are set at any particular time is determined by the <code id=sandboxing:the-iframe-element-2><a href=iframe-embed-object.html#the-iframe-element>iframe</a></code>
  element's <code id=sandboxing:attr-iframe-sandbox><a href=iframe-embed-object.html#attr-iframe-sandbox>sandbox</a></code> attribute.</p>

  <p>Every <code id=sandboxing:document><a href=dom.html#document>Document</a></code> has an <dfn data-dfn-for=Document id=active-sandboxing-flag-set data-export="">active sandboxing flag set</dfn>,
  which is a <a href=#sandboxing-flag-set id=sandboxing:sandboxing-flag-set-4>sandboxing flag set</a>. When the <code id=sandboxing:document-2><a href=dom.html#document>Document</a></code> is created, its
  <a href=#active-sandboxing-flag-set id=sandboxing:active-sandboxing-flag-set-2>active sandboxing flag set</a> must be empty. It is populated by the <a href=browsing-the-web.html#navigate id=sandboxing:navigate>navigation algorithm</a>.</p>

  <p id=forced-sandboxing-flag-set>Every <a href=https://w3c.github.io/webappsec-csp/#csp-list id=sandboxing:concept-csp-list data-x-internal=concept-csp-list>CSP list</a>
  <var>cspList</var> has <dfn id=csp-derived-sandboxing-flags>CSP-derived sandboxing flags</dfn>, which is a <a href=#sandboxing-flag-set id=sandboxing:sandboxing-flag-set-5>sandboxing flag
  set</a>. It is the return value of the following algorithm:</p>

  <ol><li><p>Let <var>directives</var> be an empty <a href=https://infra.spec.whatwg.org/#ordered-set id=sandboxing:set data-x-internal=set>ordered set</a>.<li>
    <p><a href=https://infra.spec.whatwg.org/#list-iterate id=sandboxing:list-iterate data-x-internal=list-iterate>For each</a> policy in <var>cspList</var>:</p>

    <ol><li><p>If <var>policy</var>'s <a href=https://w3c.github.io/webappsec-csp/#policy-disposition id=sandboxing:csp-disposition data-x-internal=csp-disposition>disposition</a> is not "<code>enforce</code>", then <a id=sandboxing:continue href=https://infra.spec.whatwg.org/#iteration-continue data-x-internal=continue>continue</a>.<li><p>If <var>policy</var>'s <a href=https://w3c.github.io/webappsec-csp/#policy-directive-set id=sandboxing:csp-directive-set data-x-internal=csp-directive-set>directive set</a> <a href=https://infra.spec.whatwg.org/#list-contain id=sandboxing:list-contains data-x-internal=list-contains>contains</a> a <a href=https://w3c.github.io/webappsec-csp/#directives id=sandboxing:content-security-policy-directive data-x-internal=content-security-policy-directive>directive</a> whose name is "<code id=sandboxing:sandbox-directive><a data-x-internal=sandbox-directive href=https://w3c.github.io/webappsec-csp/#sandbox>sandbox</a></code>",
     then <a href=https://infra.spec.whatwg.org/#list-append id=sandboxing:list-append data-x-internal=list-append>append</a> that directive to
     <var>directives</var>.</ol>
   <li><p>If <var>directives</var> is empty, then return an empty <a href=#sandboxing-flag-set id=sandboxing:sandboxing-flag-set-6>sandboxing flag
   set</a>.<li><p>Let <var>directive</var> be <var>directives</var>[<var>directives</var>'s <a href=https://infra.spec.whatwg.org/#list-size id=sandboxing:list-size data-x-internal=list-size>size</a> − 1].<li><p>Return the result of <a href=#parse-a-sandboxing-directive id=sandboxing:parse-a-sandboxing-directive>parsing the sandboxing
   directive</a> <var>directive</var>.</ol>

  <hr>

  <p>To <dfn id=determining-the-creation-sandboxing-flags>determine the creation sandboxing
  flags</dfn> for a <a href=document-sequences.html#concept-document-bc id=sandboxing:concept-document-bc>browsing context</a> <var>browsing
  context</var>, given null or an element <var>embedder</var>, return the <a href=https://infra.spec.whatwg.org/#set-union id=sandboxing:set-union data-x-internal=set-union>union</a> of the flags that are present in the following <a href=#sandboxing-flag-set id=sandboxing:sandboxing-flag-set-7>sandboxing flag sets</a>:</p>

  <ul><li><p>If <var>embedder</var> is null, then: the flags set on <var>browsing context</var>'s
   <a href=#popup-sandboxing-flag-set id=sandboxing:popup-sandboxing-flag-set-2>popup sandboxing flag set</a>.<li><p>If <var>embedder</var> is an element, then: the flags set on <var>embedder</var>'s
   <a href=#iframe-sandboxing-flag-set id=sandboxing:iframe-sandboxing-flag-set-2><code>iframe</code> sandboxing flag set</a>.<li><p>If <var>embedder</var> is an element, then: the flags set on <var>embedder</var>'s
   <a id=sandboxing:node-document href=https://dom.spec.whatwg.org/#concept-node-document data-x-internal=node-document>node document</a>'s <a href=#active-sandboxing-flag-set id=sandboxing:active-sandboxing-flag-set-3>active sandboxing flag set</a>.</ul>


  <h4 id=policy-containers><span class=secno>7.1.6</span> Policy containers<a href=#policy-containers class=self-link></a></h4>

  <p>A <dfn id=policy-container data-export="">policy container</dfn> is a <a id=policy-containers:struct href=https://infra.spec.whatwg.org/#struct data-x-internal=struct>struct</a> containing policies that apply to
  a <code id=policy-containers:document><a href=dom.html#document>Document</a></code>, a <code id=policy-containers:workerglobalscope><a href=workers.html#workerglobalscope>WorkerGlobalScope</a></code>, or a <code id=policy-containers:workletglobalscope><a href=worklets.html#workletglobalscope>WorkletGlobalScope</a></code>.
  It has the following <a href=https://infra.spec.whatwg.org/#struct-item id=policy-containers:struct-item data-x-internal=struct-item>items</a>:</p>

  

  <ul><li><p>A <dfn data-dfn-for="policy container" id=policy-container-csp-list data-export="">CSP list</dfn>,
   which is a <a href=https://w3c.github.io/webappsec-csp/#csp-list id=policy-containers:concept-csp-list data-x-internal=concept-csp-list>CSP list</a>. It is initially empty.<li><p>An <dfn data-dfn-for="policy container" id=policy-container-embedder-policy data-export="">embedder
   policy</dfn>, which is an <a href=#embedder-policy id=policy-containers:embedder-policy>embedder policy</a>. It is initially a new <a href=#embedder-policy id=policy-containers:embedder-policy-2>embedder
   policy</a>.<li><p>A <dfn data-dfn-for="policy container" id=policy-container-referrer-policy data-export="">referrer
   policy</dfn>, which is a <a id=policy-containers:referrer-policy href=https://w3c.github.io/webappsec-referrer-policy/#referrer-policy data-x-internal=referrer-policy>referrer policy</a>. It is initially the <a id=policy-containers:default-referrer-policy href=https://w3c.github.io/webappsec-referrer-policy/#default-referrer-policy data-x-internal=default-referrer-policy>default referrer
   policy</a>.<li><p>An <dfn data-dfn-for="policy container" id=policy-container-integrity-policy data-export="">integrity
   policy</dfn>, which is an <a href=https://w3c.github.io/webappsec-subresource-integrity/#integrity-policy id=policy-containers:integrity-policy data-x-internal=integrity-policy>integrity policy</a>, initially a new
   <a href=https://w3c.github.io/webappsec-subresource-integrity/#integrity-policy id=policy-containers:integrity-policy-2 data-x-internal=integrity-policy>integrity policy</a>.<li><p>A <dfn data-dfn-for="policy container" id=policy-container-report-only-integrity-policy data-export="">report only integrity policy</dfn>, which
   is an <a href=https://w3c.github.io/webappsec-subresource-integrity/#integrity-policy id=policy-containers:integrity-policy-3 data-x-internal=integrity-policy>integrity policy</a>, initially a new <a href=https://w3c.github.io/webappsec-subresource-integrity/#integrity-policy id=policy-containers:integrity-policy-4 data-x-internal=integrity-policy>integrity policy</a>.</ul>

  <p class=XXX>Move other policies into the policy container.</p>

  <p>To <dfn id=clone-a-policy-container data-export="">clone a policy container</dfn> given a <a href=#policy-container id=policy-containers:policy-container>policy container</a>
  <var>policyContainer</var>:</p>

  <ol><li><p>Let <var>clone</var> be a new <a href=#policy-container id=policy-containers:policy-container-2>policy container</a>.<li><p><a href=https://infra.spec.whatwg.org/#list-iterate id=policy-containers:list-iterate data-x-internal=list-iterate>For each</a> <var>policy</var> in
   <var>policyContainer</var>'s <a href=#policy-container-csp-list id=policy-containers:policy-container-csp-list>CSP list</a>, <a href=https://infra.spec.whatwg.org/#list-append id=policy-containers:list-append data-x-internal=list-append>append</a> a copy of <var>policy</var> into <var>clone</var>'s <a href=#policy-container-csp-list id=policy-containers:policy-container-csp-list-2>CSP list</a>.<li><p>Set <var>clone</var>'s <a href=#policy-container-embedder-policy id=policy-containers:policy-container-embedder-policy>embedder
   policy</a> to a copy of <var>policyContainer</var>'s <a href=#policy-container-embedder-policy id=policy-containers:policy-container-embedder-policy-2>embedder policy</a>.<li><p>Set <var>clone</var>'s <a href=#policy-container-referrer-policy id=policy-containers:policy-container-referrer-policy>referrer
   policy</a> to <var>policyContainer</var>'s <a href=#policy-container-referrer-policy id=policy-containers:policy-container-referrer-policy-2>referrer policy</a>.<li><p>Set <var>clone</var>'s <a href=#policy-container-integrity-policy id=policy-containers:policy-container-integrity-policy>integrity
   policy</a> to a copy of <var>policyContainer</var>'s <a href=#policy-container-integrity-policy id=policy-containers:policy-container-integrity-policy-2>integrity policy</a>.<li><p>Return <var>clone</var>.</ol>

  <p>To determine whether a <a id=policy-containers:url href=https://url.spec.whatwg.org/#concept-url data-x-internal=url>URL</a> <var>url</var> <dfn id=requires-storing-the-policy-container-in-history>requires storing the policy
  container in history</dfn>:</p>

  <ol><li><p>If <var>url</var>'s <a href=https://url.spec.whatwg.org/#concept-url-scheme id=policy-containers:concept-url-scheme data-x-internal=concept-url-scheme>scheme</a> is "<code>blob</code>", then return false.<li><p>If <var>url</var> <a href=https://fetch.spec.whatwg.org/#is-local id=policy-containers:is-local data-x-internal=is-local>is local</a>, then return true.<li><p>Return false.</ol>

  <p>To <dfn id=creating-a-policy-container-from-a-fetch-response data-lt="creating a policy container from a fetch response" data-export="">create a policy container from a fetch response</dfn>
  given a <a href=https://fetch.spec.whatwg.org/#concept-response id=policy-containers:concept-response data-x-internal=concept-response>response</a> <var>response</var> and an
  <a id=policy-containers:environment href=webappapis.html#environment>environment</a>-or-null <var>environment</var>:</p>

  <ol><li><p>If <var>response</var>'s <a href=https://fetch.spec.whatwg.org/#concept-response-url id=policy-containers:concept-response-url data-x-internal=concept-response-url>URL</a>'s <a href=https://url.spec.whatwg.org/#concept-url-scheme id=policy-containers:concept-url-scheme-2 data-x-internal=concept-url-scheme>scheme</a> is "<code>blob</code>", then return a <a href=#clone-a-policy-container id=policy-containers:clone-a-policy-container>clone</a> of <var>response</var>'s <a href=https://fetch.spec.whatwg.org/#concept-response-url id=policy-containers:concept-response-url-2 data-x-internal=concept-response-url>URL</a>'s <a href=https://url.spec.whatwg.org/#concept-url-blob-entry id=policy-containers:concept-url-blob-entry data-x-internal=concept-url-blob-entry>blob URL
   entry</a>'s <a href=https://w3c.github.io/FileAPI/#blob-url-entry-environment id=policy-containers:blob-url-entry-environment data-x-internal=blob-url-entry-environment>environment</a>'s <a href=#policy-container id=policy-containers:policy-container-3>policy
   container</a>.<li><p>Let <var>result</var> be a new <a href=#policy-container id=policy-containers:policy-container-4>policy container</a>.<li><p>Set <var>result</var>'s <a href=#policy-container-csp-list id=policy-containers:policy-container-csp-list-3>CSP list</a> to the
   result of <a href=https://w3c.github.io/webappsec-csp/#parse-response-csp id=policy-containers:parse-response-csp data-x-internal=parse-response-csp>parsing a response's Content Security Policies</a>
   given <var>response</var>.<li><p>If <var>environment</var> is non-null, then set <var>result</var>'s <a href=#policy-container-embedder-policy id=policy-containers:policy-container-embedder-policy-3>embedder policy</a> to the result of <a href=#obtain-an-embedder-policy id=policy-containers:obtain-an-embedder-policy>obtaining an embedder policy</a> given <var>response</var>
   and <var>environment</var>. Otherwise, set it to "<code id=policy-containers:coep-unsafe-none><a href=#coep-unsafe-none>unsafe-none</a></code>".<li><p>Set <var>result</var>'s <a href=#policy-container-referrer-policy id=policy-containers:policy-container-referrer-policy-3>referrer
   policy</a> to the result of <a href=https://w3c.github.io/webappsec-referrer-policy/#parse-referrer-policy-from-header id=policy-containers:parse-referrer-policy-header data-x-internal=parse-referrer-policy-header>parsing the
   `<code>Referrer-Policy</code>` header</a> given <var>response</var>.
   <a href=references.html#refsREFERRERPOLICY>[REFERRERPOLICY]</a><li><p><a href=https://w3c.github.io/webappsec-subresource-integrity/#parse-integrity-policy-headers id=policy-containers:parse-integrity-policy-headers data-x-internal=parse-integrity-policy-headers>Parse Integrity-Policy headers</a> with
   <var>response</var> and <var>result</var>.<li><p>Return <var>result</var>.</ol>

  <p>To <dfn id=determining-navigation-params-policy-container>determine navigation params
  policy container</dfn> given a <a id=policy-containers:url-2 href=https://url.spec.whatwg.org/#concept-url data-x-internal=url>URL</a> <var>responseURL</var> and four <a href=#policy-container id=policy-containers:policy-container-5>policy container</a>-or-nulls <var>historyPolicyContainer</var>,
  <var>initiatorPolicyContainer</var>, <var>parentPolicyContainer</var>, and
  <var>responsePolicyContainer</var>:</p>

  <ol><li>
    <p>If <var>historyPolicyContainer</var> is not null, then:</p>

    <ol><li><p><a id=policy-containers:assert href=https://infra.spec.whatwg.org/#assert data-x-internal=assert>Assert</a>: <var>responseURL</var> <a href=#requires-storing-the-policy-container-in-history id=policy-containers:requires-storing-the-policy-container-in-history>requires storing the policy container
     in history</a>.<li><p>Return a <a href=#clone-a-policy-container id=policy-containers:clone-a-policy-container-2>clone</a> of
     <var>historyPolicyContainer</var>.</ol>
   <li>
    <p>If <var>responseURL</var> is <code id=policy-containers:about:srcdoc><a href=urls-and-fetching.html#about:srcdoc>about:srcdoc</a></code>, then:</p>

    <ol><li><p><a id=policy-containers:assert-2 href=https://infra.spec.whatwg.org/#assert data-x-internal=assert>Assert</a>: <var>parentPolicyContainer</var> is not null.<li><p>Return a <a href=#clone-a-policy-container id=policy-containers:clone-a-policy-container-3>clone</a> of
     <var>parentPolicyContainer</var>.</ol>
   <li><p>If <var>responseURL</var> <a href=https://fetch.spec.whatwg.org/#is-local id=policy-containers:is-local-2 data-x-internal=is-local>is local</a> and
   <var>initiatorPolicyContainer</var> is not null, then return a <a href=#clone-a-policy-container id=policy-containers:clone-a-policy-container-4>clone</a> of <var>initiatorPolicyContainer</var>.<li><p>If <var>responsePolicyContainer</var> is not null, then return
   <var>responsePolicyContainer</var>.<li><p>Return a new <a href=#policy-container id=policy-containers:policy-container-6>policy container</a>.</ol>

  <p>To <dfn id=initialize-worker-policy-container>initialize a worker global scope's policy
  container</dfn> given a <code id=policy-containers:workerglobalscope-2><a href=workers.html#workerglobalscope>WorkerGlobalScope</a></code> <var>workerGlobalScope</var>, a <a href=https://fetch.spec.whatwg.org/#concept-response id=policy-containers:concept-response-2 data-x-internal=concept-response>response</a> <var>response</var>, and an <a id=policy-containers:environment-2 href=webappapis.html#environment>environment</a>
  <var>environment</var>:</p>

  <ol><li>
    <p>If <var>workerGlobalScope</var>'s <a href=workers.html#concept-workerglobalscope-url id=policy-containers:concept-workerglobalscope-url>url</a>
    <a href=https://fetch.spec.whatwg.org/#is-local id=policy-containers:is-local-3 data-x-internal=is-local>is local</a> but its <a href=https://url.spec.whatwg.org/#concept-url-scheme id=policy-containers:concept-url-scheme-3 data-x-internal=concept-url-scheme>scheme</a>
    is not "<code>blob</code>":</p>

    <ol><li><p><a id=policy-containers:assert-3 href=https://infra.spec.whatwg.org/#assert data-x-internal=assert>Assert</a>: <var>workerGlobalScope</var>'s <a id=policy-containers:concept-WorkerGlobalScope-owner-set href=workers.html#concept-WorkerGlobalScope-owner-set>owner set</a>'s <a href=https://infra.spec.whatwg.org/#list-size id=policy-containers:list-size data-x-internal=list-size>size</a> is 1.<li><p>Set <var>workerGlobalScope</var>'s <a href=workers.html#concept-workerglobalscope-policy-container id=policy-containers:concept-workerglobalscope-policy-container>policy container</a> to a <a href=#clone-a-policy-container id=policy-containers:clone-a-policy-container-5>clone</a> of <var>workerGlobalScope</var>'s <a id=policy-containers:concept-WorkerGlobalScope-owner-set-2 href=workers.html#concept-WorkerGlobalScope-owner-set>owner
     set</a>[0]'s <a id=policy-containers:relevant-settings-object href=webappapis.html#relevant-settings-object>relevant settings object</a>'s <a href=webappapis.html#concept-settings-object-policy-container id=policy-containers:concept-settings-object-policy-container>policy container</a>.</ol>
   <li><p>Otherwise, set <var>workerGlobalScope</var>'s <a href=workers.html#concept-workerglobalscope-policy-container id=policy-containers:concept-workerglobalscope-policy-container-2>policy container</a> to the result of
   <a href=#creating-a-policy-container-from-a-fetch-response id=policy-containers:creating-a-policy-container-from-a-fetch-response>creating a policy container from a fetch response</a> given
   <var>response</var> and <var>environment</var>.</ol>

  


  <nav><a href=popover.html>← 6.12 The popover attribute</a> — <a href=index.html>Table of Contents</a> — <a href=nav-history-apis.html>7.2 APIs related to navigation and
  session history →</a></nav>
